Action is required to prevent your Let's Encrypt certificate renewals from breaking Ubunty 14.04 (Trusty Tahr)

About this question should I do something about this?

I have banned some IP:s there might be some Amazon Web Services.

Should I just run like yassinMk suggested

/root/certbot-auto –force-renewal

Is it renew all certiticates?

If you run “/root/certbot-auto renew --dry-run” again, does it work?

I run it again: /root/certbot-auto renew --dry-run

AND
“Congratulations, all renewals succeeded. The following certs have been renewed:”

So the original question do I have to worried about:
“TLS-SNI-01 validation is reaching end-of-life and will stop working on February 13th, 2019.”

Please answer it! So I can do something about it. Or just feel happy because everything is ok about https issue.

You’re probably okay! :slightly_smiling_face:

Do you still have Certbot 0.14.2 installed?

Yes I have Certbot 0.14.2 which never update
and Certbot-auto which updates often

It’s strange that Certbot 0.14.2 isn’t updating. The current version in the PPA is 0.28.0.

It makes me nervous that it’s still installed. If you accidentally start using it in the future, it might not work.

Still, as long as you only use certbot-auto, you shouldn’t have any problems.

I have use certbot-auto all the time…

Anyway can certbot-auto do all the same things that certbot? And other why I got the email if I
do not use ACME TLS-SNI-01 domain validation? Or do I use?

This ./certbot-auto renew --dry-run print logs an there is line “http-01 challenge for template.eco-toimistotarvikkeet.fi”.and all myt other domains too had same http-01 challenge for… line
so I thiink I use currently http-01 and not TLS-SNI-01.


Processing /etc/letsencrypt/renewal/template.eco-toimistotarvikkeet.fi.conf


Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for template.eco-toimistotarvikkeet.fi
Waiting for verification…
Cleaning up challenges


new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/template.eco-toimistotarvikkeet.fi/fullchain.pem


Yes, unless you were using the DNS plugins (which you almost definitely weren't).

I don't know. :confused: It's strange.

I'm concerned that you might be using Certbot 0.14.2 sometimes. Like if there's a cron job you haven't been able to find.

Hi Guys, i got that e-mail and i tryed the following but get an error:

root@vmd13239:/home/magento# sudo ./certbot-auto renew -force-renewal --dry-run --preferred-challenges http
Creating virtual environment…
Installing Python packages…
Installation succeeded.
usage:
certbot-auto [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] …

Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: -force-renewal

Even i got the error “-force-renewal”, can i start the installation without dry-run`?

@googelie When using --dry-run, you can just remove that option.

If you want to use it at another time, it’s --force-renewal with two - at the beginning, not -force-renewal.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.