Update acme.sh Version to 3.0.7

[zhenguang]

Upgrade acme.sh version to 3.0.7

Having ACME error on cert creation when using the older version, upgrade to 3.0.7 official as of 25 April 2024

3.0.7

[saghul]

Are no other changes required?

[zhenguang]

Tested on docker version running with no issue, didn't test on renewal etc, i suppose this would be the same since the script is to run acme.sh

[saghul]

Why 3.0.1 and not 3.0.7?

[zhenguang]

My intention was to update it to 3.0.7 (the latest version which was released as of today), i was testing on 3.0.1 to ensure that when i upgrade from 2.8.8 to 3.0.1 it's working fine, before proceeding to it's latest version 3.0.7

I've update the PR code to 3.0.7

[saghul]

Excellent!

[saghul]

I'll give it a try before merging.

[saghul]

So I tried it and it did not refresh the existing cert properly :-/ Perhaps it has something to do with switching LE engines, in version 2 Let's Encrypt was the default engine, and in version 3 it's ZeroSSL.

I think we should have a parameter controlling that default.

Deleting ~/.jitsi-meet-cfg/web/acme* and restarting made the setup work. Not sure this is an acceptable solution though.

[zhenguang]

If you start a server anew, the whole docker will not load up because of the acme failure

[saghul]

Not sure what you mean, can you clarify? Is that with the old or the new version?

[zhenguang]

With the older version

[saghul]

Yes, I can see that:

web-1      | [Mon Apr 29 10:01:08 UTC 2024] Create account key ok.
web-1      | [Mon Apr 29 10:01:08 UTC 2024] Only RSA or EC key is supported. keyfile=/config/acme.sh/ca/acme-v02.api.letsencrypt.org/account.key
web-1      | [Mon Apr 29 10:01:08 UTC 2024] Please add '--debug' or '--log' to check more details.
web-1      | [Mon Apr 29 10:01:08 UTC 2024] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
web-1      | [Mon Apr 29 10:01:08 UTC 2024] Run post hook:'if [[ -d /var/run/s6/services/nginx ]]; then s6-svc -u /var/run/s6/services/nginx; fi'
web-1      | Failed to obtain a certificate from the Let's Encrypt CA.

That doesn't negate what I said earlier though.

Given this, it's probably a good idea to just update at this point and make the backend configurable at a later stage.

[jplandry908]

Thanks @zhenguang / @saghul. This should resolve the issue I created last week. My conclusion was also that acme.sh needed to be upgraded. I'll do some testing and close out that issue once verified.

#1795

[saghul]

Thank you!

[jplandry908]

FYI - I confirmed that this resolved #1795.

[saghul]

Wonderful!