Action required: Let's Encrypt certificate renewals


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: archarena.com

I ran this command:

It produced this output:

My web server is (include version): IIS

The operating system my web server runs on is (include version): Windows Server 2012

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): I don’t know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Using IIS

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): Let’s Encrypt


#2

Hi @Arunkumar

Your server is completely offline; I see only timeouts ( https://check-your-website.server-daten.de/?q=archarena.com ):

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://archarena.com/ 173.220.109.12 | -14 | | 10.027 | T |
| Timeout - The operation has timed out | | | | |
| http://www.archarena.com/ 173.220.109.12 | -14 | | 10.027 | T |
| Timeout - The operation has timed out | | | | |
| https://archarena.com/ 173.220.109.12 | -14 | | 10.027 | T |
| Timeout - The operation has timed out | | | | |
| https://www.archarena.com/ 173.220.109.12 | -14 | | 10.027 | T |
| Timeout - The operation has timed out | | | | |
| http://archarena.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 173.220.109.12 | -14 | | 10.027 | T |
| Timeout - The operation has timed out | | | | |
| http://www.archarena.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 173.220.109.12 | -14 | | 10.026 | T |
| Timeout - The operation has timed out | | | | |

You have one certificate, but this has another domain name:

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=p:YXJjaGFyZW5hLmNvbTp0cnVlOnRydWU6OkVBRT0&cert_search=include_expired:true;include_subdomains:true;domain:archarena.com&lu=cert_search_cert

How did you create that certificate? There ( https://check-your-website.server-daten.de/?q=apps.archarena.com ) the /.well-known/acme-challenge/ works, sends a correct 404 (file not found).
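
The reachability check described in post #2, as an added example that is not part of the thread: it requests a nonexistent token under /.well-known/acme-challenge/ over plain HTTP and reports whether the server answers 404 or does not answer at all. The function name `Test-AcmeHttp01Path`, its parameters and the verdict strings are made up for this example.

```powershell
# Added example, not from the thread. Function name and verdict strings are hypothetical.
function Test-AcmeHttp01Path {
    param(
        [Parameter(Mandatory = $true)][string]$Domain,
        [int]$TimeoutSeconds = 10
    )
    # Random token that cannot exist on the server: a healthy setup answers 404.
    $token = 'probe-' + [guid]::NewGuid().ToString('N')
    $url   = "http://$Domain/.well-known/acme-challenge/$token"

    $req = [System.Net.HttpWebRequest][System.Net.WebRequest]::Create($url)
    $req.Timeout           = $TimeoutSeconds * 1000
    $req.AllowAutoRedirect = $false   # report a redirect instead of following it

    $status = $null; $location = $null; $failure = $null
    try {
        $resp     = $req.GetResponse()
        $status   = [int]$resp.StatusCode
        $location = $resp.Headers['Location']
        $resp.Close()
    } catch {
        # PowerShell wraps the .NET error; unwrap until the WebException is found.
        $ex = $_.Exception
        while ($ex -and $ex -isnot [System.Net.WebException]) { $ex = $ex.InnerException }
        if ($ex -and $ex.Response) {      # HTTP error status such as 404 or 403
            $status = [int]$ex.Response.StatusCode
            $ex.Response.Close()
        } elseif ($ex) {                  # Timeout, ConnectFailure, NameResolutionFailure, ...
            $failure = $ex.Status.ToString()
        } else {
            $failure = $_.Exception.Message
        }
    }

    $verdict = if ($failure) { "FAIL: no HTTP answer on port 80 ($failure)" }
        elseif ($status -eq 404) { 'OK: reachable, unknown token gives 404' }
        elseif ($status -ge 300 -and $status -lt 400) { "CHECK: redirected to $location" }
        elseif ($status -eq 401 -or $status -eq 403) { 'FAIL: challenge path is access-restricted' }
        else { "CHECK: unexpected status $status for an unknown token" }

    [pscustomobject]@{ Url = $url; Status = $status; Verdict = $verdict }
}

# Usage: Test-AcmeHttp01Path -Domain 'example.com'
```

Run it from a machine outside the server's own network, since the HTTP-01 validation request arrives from the public internet.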


#3

Hi,

I got this email, "Action required: Let’s Encrypt certificate renewals". I would like to know how to check whether my Let’s Encrypt software is using TLS-SNI-01 validation. Please let me know.

Thanks,
Arunkumar A


#4

Then please answer the questions:

Command - output - version.

There are different “Letsencrypt - Clients” named Letsencrypt.

How did you create your certificate?

It’s valid 2019-03-06, so it’s not critical. Check whether the renewal works the next two times. If yes, you can ignore the mail.


#5

Hi,

Sorry for the late reply, we are using http-01 validation, I will share my output file ASAP.

Thanks,

Arunkumar A


#6

If you already use http-01 validation, all should be fine. The problem is the tls-sni validation; this is deprecated. So people have to switch from tls-sni to http or dns validation.


#7

Hi,

In Let’s Encrypt we are selecting option 4 for validation, that is, "[http-01] create temporary application in IIS(Recommended)".

Is this okay?

Thanks,

Arunkumar A


#8

If you use http-01 validation, then it’s ok. http-01 validation is the standard method to validate a domain name.


#9

I’ve never seen this option before.
What is the actual ACME client program name/URL?


#10

Hi,

FYI

We are creating the SSL certificate using the option number 4,

please let me know in case of any issues on this renewal.

Thanks,

Arunkumar A


#11

Has option #4 [HTTP-01] worked before?

Have you tried option #1 [TLS-SNI-01]?

Have you tried option #5 [HTTP-01]?


#12

Yes, we used to create an SSL certificate with option 4, and it worked fine.

Is it okay, right?

Thanks,

Arunkumar A


#13

Yes, any option with HTTP-01 is ideal.
Can you try using option #5 (also HTTP-01)?