Update sympl-ssl IPv6 only to support Let's Encrypt ACMEv2
I've been wondering why a Mythic Beasts hosted RPi site wasn't updating the SSL certificate. (Luckily I've got an alert through Status Cake for it.)
Looking in the /etc/hosts
file, I noticed many lines of the form (output from cat
):
2606:4700:60:0:f53d:5624:85c7:3a2c
acme-v01.api.letsencrypt.org # sympl-ssl workaround
2606:4700:60:0:f53d:5624:85c7:3a2c
acme-v01.api.letsencrypt.org # sympl-ssl workaround
2606:4700:60:0:f53d:5624:85c7:3a2c
acme-v01.api.letsencrypt.org # sympl-ssl workaround
Knowing that the v02 API is now needed, I adjusted it to remove the new line, and switched to the v2 url, and then running sudo sympl-ssl --verbose subdomain.example.com
worked as expected instead of giving the error:
Current SSL set 14: signed by /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3, expires 2019-12-08 06:19:41 UTC
The current certificate expires in 4 days.
Fetching a new certificate from LetsEncrypt.
!! Failed: execution expired
Could the workaround please be updated for the new API (changing the 1 to a 2 in the url)?