Use Acme v2 if supported
I was thinking if this Acme v2 can be supported for those who wish to use it instead of v1. Currently I am using it by changing acme-v01 to acme-v02 in /usr/local/ispconfig/server/lib/classes/letsencrypt.inc.php by a simple sed -i command. This will of course be overwritten by the default ISPConfig file upon update / upgrade, but I created a script to fix that, just in case version 3.1.12 is ready.
I was thinking if we can check the letsencrypt or certbot version (not sure how yet, but maybe in the same file stated above) and then execute Acme v2 if it is supported; otherwise Acme v1 will be used instead.
This is not intended to support wildcard that is offered via Acme v2 as I understand the difficulty in accessing and updating dns server but could be a first step towards it that need not be that perfect yet.
With the above in mind, I was thinking to change the current line to something like this:
$letsencrypt_cmd = $letsencrypt . " certonly -n --text --agree-tos --expand --authenticator webroot --server $acme_version --rsa-key-size 4096 --email postmaster@$domain $cli_domain_arg --webroot-path /usr/local/ispconfig/interface/acme";
$acme_version will depend on whether letsencrypt or certbot in that server supports Acme v2 or not, so it will be https://acme-v02.api.letsencrypt.org/directory if Acme v2 is supported, or otherwise, it remains as https://acme-v01.api.letsencrypt.org/directory.
I will try to see if I can contribute further. Cheers.
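
One way to implement the version check proposed above, as an added example that is not part of the original post or of ISPConfig's code. The helper names are hypothetical, and the 0.22.0 threshold is an assumption about the first certbot release with Acme v2 support.

```php
<?php
// Added example: hypothetical helpers, not ISPConfig code.
const ACME_V1 = 'https://acme-v01.api.letsencrypt.org/directory';
const ACME_V2 = 'https://acme-v02.api.letsencrypt.org/directory';
// Assumption: certbot gained Acme v2 support in release 0.22.0.
const ACME_V2_MIN_VERSION = '0.22.0';

/**
 * Extract the version number from a client banner such as "certbot 0.31.0".
 * Returns null when no version number is present.
 */
function parse_client_version(string $output): ?string
{
    if (preg_match('/\b(\d+\.\d+(?:\.\d+)?)\b/', $output, $m)) {
        return $m[1];
    }
    return null;
}

/** Pick the directory URL; fall back to v1 whenever the version is unknown or too old. */
function select_acme_server(?string $version): string
{
    if ($version !== null && version_compare($version, ACME_V2_MIN_VERSION, '>=')) {
        return ACME_V2;
    }
    return ACME_V1;
}

/** Run "<binary> --version"; 2>&1 captures the banner whichever stream it is written to. */
function client_version_output(string $binary): string
{
    // escapeshellarg keeps a configured binary path from being interpreted by the shell.
    return (string) shell_exec(escapeshellarg($binary) . ' --version 2>&1');
}

// Constructed sample banners, so the selection logic can be checked without certbot installed.
$samples = ['certbot 0.31.0', 'letsencrypt 0.4.1', 'certbot 0.22.0', 'command not found'];
foreach ($samples as $banner) {
    printf("%-20s -> %s\n", $banner, select_acme_server(parse_client_version($banner)));
}

// On a real server the value for --server would be obtained like this:
// $acme_version = select_acme_server(parse_client_version(client_version_output($letsencrypt)));
```

An unparseable banner selects the v1 URL, so a missing or broken client does not change the existing behaviour.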