Haproxy-letsencrypt ACMEv1

Hi all,

My Docker container with haproxy won't start.
The Docker log says:

The client lacks sufficient authorization :: Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details.

The Docker container itself is restarting:

Error response from daemon: Container df97c677bae95a190b2c7be16425103faf1650e2d082dc14b164599cf5c3a75d is restarting, wait until the container is running

Can anyone help me please :frowning:

Many Thanks

Hello @UgurU, and welcome to the community!

Thanks a lot for pointing our attention to this problem and for its documented explanation. I wasn’t aware of this issue so I really appreciate your notice. Let’s try to see if we can help.

From the error you detailed, it seems it would need to switch to using ACMEv2, so let’s first try to focus on that. I’m personally not familiar with HAProxy, but it seems to be able to use ACMEv2 if configured to do so. I would recommend having a look at their related announcement to see how to do so (linked below) in case some edits in configuration files will fix the issue. As a reminder, these configuration files should be located in the shares you used while installing the rock-on.

The author of the rock-on, @dilli may be able to help as well in case he can see this message. I do notice, thanks to you, that this image hasn’t been updated in several years so it may be wiser to switch to a more recent and supported alternative.

In this context–and as recommended on the HAProxy docker image documentation–would your need be met by using Nginx, for instance? @HBDK recently shared a rock-on for running the Nginx reverse-proxy with included letsencrypt support; this seems like a possible fit for your needs. Please see his message linked below for further details:

Sorry I can’t provide much clearer help for now, but I hope this will at least help you progress on this issue.
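One way to check whether the configuration files in a share still point at an ACMEv1 endpoint, as suggested in the reply above (an added example, not part of the thread or of the rock-on). It assumes Let's Encrypt's public directory hostnames (`acme-v01`/`acme-staging` for v1, `acme-v02`/`acme-staging-v02` for v2); the sample file names and settings are constructed.

```shell
#!/bin/sh
# Added example: locate ACMEv1 endpoint references in a configuration share.

# Classify a Let's Encrypt ACME directory URL by API version.
acme_version() {
    case "$1" in
        *://acme-v02.api.letsencrypt.org*|*://acme-staging-v02.api.letsencrypt.org*) echo v2 ;;
        *://acme-v01.api.letsencrypt.org*|*://acme-staging.api.letsencrypt.org*) echo v1 ;;
        *) echo unknown ;;
    esac
}

# Print "file:line:version:url" for each Let's Encrypt ACME URL under a directory.
scan_acme_config() {
    grep -rIHnoE 'https://acme-[a-z0-9-]+\.api\.letsencrypt\.org[^[:space:]"]*' "$1" 2>/dev/null |
    while IFS=: read -r file line url; do
        printf '%s:%s:%s:%s\n' "$file" "$line" "$(acme_version "$url")" "$url"
    done
}

# Succeed (exit 0) only when no ACMEv1 endpoint is referenced.
no_acme_v1() {
    ! scan_acme_config "$1" | grep -q ':v1:https://'
}

# Constructed sample share: one stale v1 setting, one v2 setting.
make_sample_share() {
    d=$(mktemp -d)
    printf 'ACME_SERVER="https://acme-v01.api.letsencrypt.org/directory"\n' > "$d/old.env"
    printf '# constructed\nserver = https://acme-v02.api.letsencrypt.org/directory\n' > "$d/new.ini"
    echo "$d"
}

# Usage: pass the path of the share that holds the container's configuration.
if [ $# -gt 0 ]; then
    scan_acme_config "$1"
    no_acme_v1 "$1" || echo "ACMEv1 endpoint still configured" >&2
fi
```

A clean scan only shows that no configuration file names a v1 endpoint; a client bundled in an old image may still default to ACMEv1 on its own.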

I honestly would look at other ways to get the cert and just use the native OS to do it. I am using digitalocean and for the renew I just need to pass the following (assuming I put my creds in the file specified)
certbot renew --dns-digitalocean --dns-digitalocean-credentials /root/.secrets/certbot/digitalocean.ini

As for the rockon, it’s not getting updated (the docker image behind it) so the rockon isn’t useful at all now IMHO. If you REALLY want a rockon to do this, hop on the github and open a request/issue asking for it. https://github.com/rockstor/rockon-registry
