"Action Required" EOL email received - Now what?


My domain is: jewelbound.com

I ran this command:

sudo letsencrypt renew

It produced this output:

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/jewelbound.com/fullchain.pem expires on 2019-04-10 (skipped)
No renewals were attempted.

My web server is (include version):
Apache/2.4.18 (Ubuntu)

The operating system my web server runs on is (include version):
Apache/2.4.18 (Ubuntu) ??

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
I don’t know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): I don’t know.

I’m a little out of my element with managing web servers, etc., so I apologize in advance.

I received that EOL email and tried to find answers by searching various portions of my email in these forums, but could not find out what my next steps should be.

Here’s the email I received (see full email here)

Your Let’s Encrypt client used ACME TLS-SNI-01 domain validation to issue
a certificate in the past 60 days. Below is a list of names and IP
addresses validated (max of one per account):

jewelbound.com ( on 2019-01-10

TLS-SNI-01 validation is reaching end-of-life. It will stop working
temporarily on February 13th, 2019, and permanently on March 13th, 2019.
Any certificates issued before then will continue to work for 90 days
after their issuance date.

You need to update your ACME client to use an alternative validation
method (HTTP-01, DNS-01 or TLS-ALPN-01) before this date or your
certificate renewals will break and existing certificates will start to

I tried to renew my letsencrypt certificate by running sudo letsencrypt renew from the command line on my server, but it said my certs aren’t due for renewal.

I went here: https://letsencrypt.org/docs/staging-environment/ but didn’t know what to do in order to test my site and see if I’m going to be okay or whether I need to update something.

I’m not sure if I’m using Certbot.

If someone could give me some instructions (for a novice) on what I need to do next I would so much appreciate it!


Hi @jord8on,

You should try sudo letsencrypt renew --dry-run, which uses the staging environment and goes through the renewal process even when your certificates aren’t due for renewal. This is the kind of staging environment test that other documentation is referring to.


You are—the letsencrypt software was renamed to certbot in May 2016:


lsb_release -a” and “sudo letsencrypt --version” should be able to say what OS and what version of letsencrypt you’re using.

closed #5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.