
Fwd: Ansible ACME v2 client polling /acme/issuer-cert endpoint



It seems we need to change how our Ansible play generates Let's Encrypt
certs. I'll create an issue for it too.


-------- Forwarded Message --------
Subject: 	ACME v2 client polling /acme/issuer-cert endpoint
Date: 	Fri, 11 Dec 2020 16:34:02 -0800
From: 	Aaron Gable <aaron@letsencrypt.org>
To: 	paddatrapper@debian.org



Hi,

As part of our due diligence prior to shutting down the ACME v2 API's
/acme/issuer-cert endpoint, we detected that an ACME v2 client with
useragent `ansible-httpget` and associated with contact address
`paddatrapper@debian.org` appears to
poll the endpoint in between issuances.

For example, we saw the client complete an issuance for
`jitsi-sandbox.video.fosdem.org`
on 2020-12-07 at 07:38 UTC, then poll the issuer-cert endpoint 13 times
over the next ~36 hours, then begin another issuance for
`vogol-sandbox.video.fosdem.org`
on 2020-12-08 at 20:37 UTC.

Yours appears to be the only client exhibiting this behavior, so we
assume you have something custom running. *Please update your client to
not query the /acme/issuer-cert endpoint before we remove it on
Thursday, Jan 7, 2021.*

More information can be found here:
https://community.letsencrypt.org/t/acme-v2-removing-acme-issuer-cert-endpoint/140382

Thank you,
Aaron, on behalf of Let's Encrypt

