From b24d9dddc33c0e5d92c22e3a148ba061570ba70a Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Tue, 3 Apr 2018 17:55:12 -0700 Subject: [PATCH] Revert ACMEv2 default (#5819) * Revert "document default is ACMEv2 (#5818)" This reverts commit 2c502e6f8b09898e958f96cff3ef47ba1b8afdc4. * Revert "Update default to ACMEv2 server (#5722)" This reverts commit 4d706ac77e3eabb3134d0ea75ab76fd58b412bb6. --- certbot/constants.py | 2 +- docs/using.rst | 16 ++++++++++++---- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/certbot/constants.py b/certbot/constants.py index 9da5415d4..0d0ee8d3f 100644 --- a/certbot/constants.py +++ b/certbot/constants.py @@ -84,7 +84,7 @@ CLI_DEFAULTS = dict( config_dir="/etc/letsencrypt", work_dir="/var/lib/letsencrypt", logs_dir="/var/log/letsencrypt", - server="https://acme-v02.api.letsencrypt.org/directory", + server="https://acme-v01.api.letsencrypt.org/directory", # Plugins parsers configurator=None, diff --git a/docs/using.rst b/docs/using.rst index f478eb550..7a25a5cc2 100644 --- a/docs/using.rst +++ b/docs/using.rst @@ -871,16 +871,24 @@ Example usage for DNS-01 (Cloudflare API v4) (for example purposes only, do not Changing the ACME Server ======================== -By default, Certbot uses Let's Encrypt's ACMEv2 production server at -https://acme-v02.api.letsencrypt.org/. You can tell Certbot to use a +By default, Certbot uses Let's Encrypt's initial production server at +https://acme-v01.api.letsencrypt.org/. You can tell Certbot to use a different CA by providing ``--server`` on the command line or in a :ref:`configuration file ` with the URL of the server's ACME directory. For example, if you would like to use Let's Encrypt's -initial ACMEv1 server, you would add ``--server -https://acme-v01.api.letsencrypt.org/directory`` to the command line. +new ACMEv2 server, you would add ``--server +https://acme-v02.api.letsencrypt.org/directory`` to the command line. Certbot will automatically select which version of the ACME protocol to use based on the contents served at the provided URL. +If you use ``--server`` to specify an ACME CA that implements a newer +version of the spec, you may be able to obtain a certificate for a +wildcard domain. Some CAs (such as Let's Encrypt) require that domain +validation for wildcard domains must be done through modifications to +DNS records which means that the dns-01_ challenge type must be used. To +see a list of Certbot plugins that support this challenge type and how +to use them, see plugins_. + Lock Files ==========