Lua-resty-auto-ssl: Need latest version of letsencrypt.sh

Created on 3 Aug 2016  ·  13 Comments  ·  Source: auto-ssl/lua-resty-auto-ssl

The License Agreement changed on August 1st.
The version of the script installed with the module through Luarocks is outdated now and blocks registration.

All 13 comments

In the meantime you can set the following in a config file (/etc/resty-auto-ssl/letsencrypt/conf.d/your_company for example):

LICENSE="https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"

This overwrites the default value set in letsencrypt.sh

Thanks for the heads up, @zacbri! And good tip, @gregkare!

This should be fixed in the v0.8.5 release. As noted in #14, this issue should have only affected new users, so if you're already on v0.8.4 from before August 1st, you don't necessarily need to upgrade (but it's probably a good idea). I've also tried to improve our test suite so we can more proactively catch these types of issues if they crop up again.

New update to terms and issue is back:

Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]

Putting the LICENSE variable in /etc/resty-auto-ssl/letsencrypt/conf.d/your_company doesn't appear to fix it.

As a note for the future: we announce these changes ahead of time in the API announcements category of the community forum (and there is an RSS feed available): https://community.letsencrypt.org/t/subscriber-agreement-update-november-15-2017/45607

This bug has been fixed upstream by Dehydrated in version 0.4.0+. The corresponding issue is here: https://github.com/lukas2511/dehydrated/issues/346 and the fix commit is here: https://github.com/lukas2511/dehydrated/commit/6a32f20e004b9d835cd02de9d78300be02784cf1 Since 0.4.0 the URL is learned dynamically so that changes by Let's Encrypt will not break the client anymore.

https://github.com/GUI/lua-resty-auto-ssl/blob/ad1c3df82bfb78269b0599654c74062a68b2819a/Makefile#L4

The lua-resty-auto Makefile should probably be updated to pull in this newer version of Dehydrated.

Agree with @cpu

In order to make lua-resty-auto-ssl work with dehydrated 0.4.0, we also had to add a dummy startup_hook into file letsencrypt_hooks and run dehydrated --account --accept-terms to update our account info.

Thanks for the heads up about this issue and for the RSS feed about these types of announcements (I'll definitely subscribe to stay on top of this better). Busy at the moment, but I'll try to get the bundled version of dehydrated updated and a new release out sometime this week.

@dimitrovs try naming the config file /etc/resty-auto-ssl/letsencrypt/conf.d/your_company.sh... that worked in my case.

I fixed it by putting the following:
LICENSE="https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
in /etc/resty-auto-ssl/letsencrypt/conf.d/your_company.sh, as @fjros said.
@cpu the bug has not been fixed
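
A check for the LICENSE workaround discussed in the comments above, as an added example that is not part of the thread or of either project's code. It assumes, as the .sh comment suggests, that the bundled pre-0.4.0 client loads only conf.d files ending in .sh; the function names and the temporary directory are made up for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Assumes (per the thread) that
# the bundled client loads only conf.d files whose names end in .sh.

# Pull the CA's current agreement URL (second bracketed value) out of the error.
agreement_from_error() {
  printf '%s\n' "$1" | sed -n 's/.*current agreement URL \[\([^]]*\)].*/\1/p'
}

# Names of conf.d files that are skipped because they lack the .sh suffix.
ignored_configs() {
  for f in "$1"/*; do
    [ -f "$f" ] || continue
    case "$f" in *.sh) ;; *) basename "$f" ;; esac
  done
}

# LICENSE value in effect after loading every *.sh file in glob order.
# The body is a subshell, so sourced settings never reach the caller.
effective_license() (
  LICENSE=""
  for f in "$1"/*.sh; do
    if [ -r "$f" ]; then . "$f"; fi
  done
  printf '%s\n' "$LICENSE"
)

# Succeeds only when the loaded LICENSE equals the URL named in the error.
check_override() {
  want=$(agreement_from_error "$2")
  have=$(effective_license "$1")
  [ -n "$want" ] && [ "$have" = "$want" ]
}

# Constructed demo: the same override first without, then with, the suffix.
ERR='Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]'
demo_dir=$(mktemp -d)
printf 'LICENSE="%s"\n' "$(agreement_from_error "$ERR")" > "$demo_dir/your_company"
echo "skipped: $(ignored_configs "$demo_dir")"
if check_override "$demo_dir" "$ERR"; then echo "in effect"; else echo "not in effect"; fi
mv "$demo_dir/your_company" "$demo_dir/your_company.sh"
if check_override "$demo_dir" "$ERR"; then echo "in effect"; else echo "not in effect"; fi
rm -rf "$demo_dir"
```

Sourcing the files executes them, so run the check with the same privileges and on the same directory the client itself uses.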

@andreaValenzi The bug has been fixed with Dehydrated, I don't know enough about this lua-resty-auto-ssl project to understand whether that fix has been incorporated yet. Sounds like no from your experience. Hopefully @GUI will be able to address the problem when they are less busy.

This should be fixed in lua-resty-auto-ssl v0.11.1 that's now available on luarocks.

To fix this, the bundled version of dehydrated has been updated to v0.4.0 and the new --accept-terms option has been enabled.

I opted to enable the --accept-terms option by default to not break backwards compatibility in this patch release. However, I am wondering whether we should instead require the user to take an explicit action to accept the terms, like dehydrated has done: https://github.com/lukas2511/dehydrated/issues/346. Instead, I've added a note to the README clarifying that using lua-resty-auto-ssl means you accept the terms:

By using lua-resty-auto-ssl to register SSL certificates with Let's Encrypt, you agree to the Let's Encrypt Subscriber Agreement.

But I'm not sure if that's sufficient or not. Feedback is welcome if anyone has any suggestions or thoughts.

Sorry for the hiccup with this, but thanks again to everyone for reporting this!

I think because we're lazily fetching as many certificates, thus not always renewing but also fetching new certificates (which would need the correct agreement URL for dehydrated to do it, as far as I understand it), this would require the administrator to keep the URL up to date.

I'd rather have it the way you put it, and if not, add a config setting that's named accept-letsencrypt-terms or so that must be set to true in the config.

Besides, can we close this?

Yep, this is history as of https://github.com/GUI/lua-resty-auto-ssl/commit/f33b7c625bb8003995876aeb9a492b283c47d07e :)
