A long time ago i migrated from certbot to the acmetool due to its simplicity and much better design. It is still working perfectly, managing many certificates without any headache. The only problem was new (V2) ACME API, which will be mandatory to use starting from July 2020. The development of acmetool is not very active, but at some point, the author provided a new (beta) release with V2 protocol support. The migration process is not documented, so I decided to make this blog post.
How to migrate
I would recommend starting with the backup of the
ACME_STATE_DIR directory first. It should be located on
/var/lib/acme on Linux and
/var/db/acme on the FreeBSD. During migration content of the directory will be changed.
Next thing is to install the new binary. I already updated acmetool FreeBSD port and found that it is also updated in the Debian SID. If your OS does not have it updated yet – binary could be easily build using a recent golang compiler. When the binary upgrade is done – you can run
acmetool status and it will show you your existing domains. Now run
acmetool quickstart and choose
Let's Encrypt (Live v2) server. Continue with configuration. When done – run
acmetool status – all your existing domains should use V2 API from now. Last step is to go to the
/var/lib/acme/accounts and remove directory started with
acmetool status again to validate that only the V2 account is now available.
I did it on a number of the Linux and FreeBSD servers and everything went just fine.