Many users have recently started to receive emails from Let’s Encrypt warning them that they need to do something, either to upgrade to ACME V2 or regarding ‘Multiple domain validation requests from diverse network vantage points’. If this has affected you, please read on:
"ACME V1 Protocol Deprecated"
Let’s Encrypt have retired their v1 API and moved to a newer v2 API. If you are already on the latest v4.x version of Certify The Web and your certificates are renewing successfully, then there is nothing more you need to do. We introduced support for the v2 API in July 2018.
"Action required: New feature and your Let’s Encrypt integration"
If you have received this notice, Let’s Encrypt are telling you that they think one of the following applies:
- If you are using the default HTTP validation, your web server may be blocking HTTP requests from some network routes. Some people do this to stop spam traffic, but Let’s Encrypt may attempt to validate from a country block you don’t usually allow, so you will need to remove these firewall blocks, at least for requests to /.well-known/acme-challenge/ paths on your web servers.
- If you are using DNS validation, your DNS propagation may be taking too long, or your DNS provider may be blocking DNS queries from certain IP ranges/country blocks. As of v4.1.7, all DNS providers (such as AWS Route 53) have configurable DNS Propagation in Certify. However, if all your DNS nameservers are updating, the most likely problem is that DNS queries are being blocked. See also this LE community discussion: https://community.letsencrypt.org/t/during-secondary-validation-incorrect-txt-record/113643/4
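To tell slow propagation apart from blocked queries in the DNS validation case above, the following added example (not code from Certify The Web or Let’s Encrypt) queries each authoritative nameserver directly for the `_acme-challenge` TXT record. The function names and the `ok` / `stale` / `no-answer` labels are assumptions made for this example, and it handles only plain UDP responses.

```python
import socket
import struct

def build_txt_query(name, txid=0x1234):
    """Encode a non-recursive DNS query (QTYPE 16 = TXT, QCLASS 1 = IN) for `name`."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0) + qname + struct.pack("!HH", 16, 1)

def _skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) DNS name."""
    while msg[pos] and msg[pos] & 0xC0 != 0xC0:
        pos += 1 + msg[pos]
    return pos + (2 if msg[pos] else 1)  # 2-byte compression pointer, or the root label

def parse_txt_answers(msg):
    """Return the TXT strings found in the answer section of a DNS response."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    pos = 12
    for _ in range(qdcount):
        pos = _skip_name(msg, pos) + 4  # skip QTYPE and QCLASS
    values = []
    for _ in range(ancount):
        pos = _skip_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        rdata, pos = msg[pos + 10:pos + 10 + rdlen], pos + 10 + rdlen
        if rtype == 16:  # TXT rdata is a run of length-prefixed strings
            parts, i = [], 0
            while i < len(rdata):
                parts.append(rdata[i + 1:i + 1 + rdata[i]])
                i += 1 + rdata[i]
            values.append(b"".join(parts).decode("ascii", "replace"))
    return values

def query_txt(server_ip, name, timeout=3.0):
    """Ask one nameserver directly over UDP; raises socket.timeout if it stays silent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_txt_query(name), (server_ip, 53))
        return parse_txt_answers(s.recvfrom(4096)[0])

def check_nameservers(domain, expected, nameserver_ips, query=query_txt):
    """Map each nameserver IP to 'ok', 'stale' (answered without the value) or 'no-answer'."""
    status = {}
    for ip in nameserver_ips:
        try:
            status[ip] = "ok" if expected in query(ip, "_acme-challenge." + domain) else "stale"
        except OSError:  # timeout or unreachable: queries are being dropped or blocked
            status[ip] = "no-answer"
    return status
```

Pass the TXT value your ACME client published and the IP addresses of the domain's authoritative nameservers; a server that reports `ok` from inside your network but `no-answer` from an outside host points to filtering rather than slow propagation.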