Hi there,

Your project has a hardcoded URL reference to the current Let's Encrypt subscriber agreement:

https://github.com/AirConsole/letsencrypt/blob/master/__init__.py#L228

This URL changed November 15th. New registration requests using this ACME client will produce an error as of today. (This is another instance of the previously reported Issue #3)

ACME clients do not need to hardcode a subscriber agreement URL and Let's Encrypt discourages this practice. You should learn the current agreement URL at runtime instead so that it is always current.

One option is to reference the agreement URL from the "meta" key's "terms-of-service" element from the response to a GET request to the ACME server's /directory endpoint:

{
  <snip>
  "meta": {
        "terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"
  },
  <snip>
}

A second option is to learn the current subscriber agreement URL at runtime as part of the new-reg flow: Client code can submit an initial new-reg request without an agreement value in the request payload. The account will be created and in the response will be a Link header with a terms-of-service relation pointing at the current agreement URL. Once this Link header has been seen the client should update the registration to agree to the terms by sending a payload with the agreement value set to the current agreement URL.

Thanks!

You can delete this issue, but I just wanted to give a huge THANK YOU for making this. I have been dealing with manually renewing letsencrypt certs on appengine for a few cycles now and it's a pita.

This is a way better and faster solution than any of the higher google search ranked blog posts on this topic.

I got the following error:

Registering account...
Traceback (most recent call last):
  File "<stdin>", line 332, in <module>
  File "<stdin>", line 329, in main
  File "<stdin>", line 212, in get_crt
ValueError: Error registering: 400 {
  "type": "urn:acme:error:malformed",
  "detail": "Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1
.1.1-August-1-2016.pdf]",
  "status": 400
}

…and needed to fork your script and update the hard-coded agreement URL in order for it to work.

Thanks much for this script — very useful!

Hey,

I have run through the installation instructions and deploy to appengine. I have tried the curl command in OSX Terminal and also Google Cloud Shell but I'm getting the same error (log below).

I have limited knowledge of Python, so can't really see where it's going wrong on line 244 other than that the response code hasn't come back as 200 (which I presume is because there's an error creating the challenge file).

Generate account key... Generate domain key... Generate csr... Parsing account key... Parsing CSR... Registering account... Registered! Verifying www.xxxxx.co.uk... Setting challenge www.xxxxx.co.uk... Traceback (most recent call last): File "<stdin>", line 332, in <module> File "<stdin>", line 329, in main File "<stdin>", line 244, in get_crt ValueError: Error setting challenge on http://www.xxxxx.co.uk/.well-known/acme-challenge/