Re: SCP Update and Lets Encrypt ACME 2
Can someone share smooth guidelines for updating SCP from 1.4.3 till current version 1.4.6 ?
With this latest update, Lets Encrypt requirement of ACME 2 gets resolved rite ?
Thanks in advance.
You can find a guide to update at https://solidcp.com/kb/update/solidcp-update-script-powershell/.
Win-ACME has released a newer version of their client to deal with a few changes in ACMEv2 which will be included in the next version. You are able to replace the Win-ACME file when downloading the client from https://www.win-acme.com/ and overriding the files found at C:SolidCPServerbinLetsEncrypt. I have tested v126.96.36.1998 (RELEASE, PLUGGABLE) and it works fine with the latest released SolidCP.
I found the version of WACS that comes with SolidCP 1.4.6 runs fine on Win 2016 +
On my 2012 boxes it didn't and i simply replaced with the latest WACS (ensure to put the json files in as well).
It may or may not be related to the OS version though, it could be tied to when the master LetsEncrypt account from those servers was created. I think the issue was related to Letsencrypt removing the ability to use GET verb and only allowing POST.
Using latest WACS seems to be working fine with SolidCP 1.4.6 anyway so recommend just updating all your servers to it. In fact its working better than ever, although still does not give an error when HTTP auth fails, that confuses users a lot.
Then there is the matter of importing the old LEWS certificates into it.
I believe they will start failing renewal in 2021 so will need importing into WACS.
I have not yet done this import, but have documented what needs doing and will be testing it soon.
Basically the old version before SolidCP changed to WACS on my installs was 1.9.7, so start upgrading and importing from here:
If anyone else has any input or feedback on all this then that would be good to get it all in one thread.
We are currently aware of the issue of no errors feed back to SolidCP and it is planned for this to be worked on in future however it may require we move from WACS to ACMESharpCore.
With regards to upgrading between the versions it would be good to have some input from the community of what they would like to see from this?
This might be slightly off-topic, but here's something I'd like to see:
The control panel should show the correct expiration date of whatever certificate is installed on the site, regardless of whether the installation or renewal was done through SolidCP.
People complain to me when the control panel shows an expired certificate, which often happens with LetsEncrypt, even when the certificate auto-renewed successfully. Thanks!