Debian Jessie and Debian Stretch include dehydrated, a useful command line tool for managing Let’s Encrypt certificates. We use it fairly extensively for managing certificates throughout our servers and with our managed customers. Unfortunately due to a change in capitalisation at Let’s Encrypt, the standard copy of dehydrated shipped with Debian Jessie and Debian Stretch is no longer compatible. As there’s no package in backports, we’ve spun our own packages of a newer version of dehydrated which is available on our mirror server.
If you use the older version you’ll see an error like
"detail": "JWS has no anti-replay nonce",
“detail”: “Malformed account ID in KeyID header URL: “https://acme-v02.api.letsencrypt.org/acme/acct/””,
The fix is very simple, you just need to install our dehydrated packages. This is very easy to do.
First add our signing keys
wget -O - -q https://email@example.com | apt-key add -
Then the correct repository based on your version of Debian
echo deb http://packages.mythic-beasts.com/mythic/ jessie main >/etc/apt/sources.list.d/packages.mythic-beasts.com.list
echo deb http://packages.mythic-beasts.com/mythic/ stretch main >/etc/apt/sources.list.d/packages.mythic-beasts.com.list
apt-get install --only-upgrade dehydrated
and your copy of dehydrated will be updated to 0.6 and your certificates can be created as normal.