Action required: Let's Encrypt certificate renewals


#1

I too received the following mail:

Hello,

Action is required to prevent your Let’s Encrypt certificate renewals from breaking.

Your Let’s Encrypt client used ACME TLS-SNI-01 domain validation to issue a certificate in the past 60 days.

TLS-SNI-01 validation is reaching end-of-life and will stop working on February 13th, 2019.

You need to update your ACME client to use an alternative validation method (HTTP-01, DNS-01 or TLS-ALPN-01) before this date or your certificate renewals will break and existing certificates will start to expire.

If you need help updating your ACME client, please open a new topic in the Help category of the Let’s Encrypt community forum:

https://community.letsencrypt.org/c/help

Please answer all of the questions in the topic template so we can help you.

For more information about the TLS-SNI-01 end-of-life please see our API announcement:

Thank you,
Let’s Encrypt Staff

I ran this command:
./certbot-auto --dry-run
It produced this output:
Succeded on all domains.
My web server is (include version):
Apache/2.4.7 (Ubuntu)
The operating system my web server runs on is (include version):
Ubuntu 14.04.4 LTS
My hosting provider, if applicable, is:
Hetzner
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.30.0


#2

I was able to run the command ./certbot-auto --dry-run and it succeeded on all the domains.
In the process i see that certbot was updated from 0.21.0 to 0.30.0.

Just to clarify i need to know if that is sufficient in terms of updating the ACME client.
I have not done anything else. Do i need to upgrade any packages as well or am i good to go?


#3

You should be good to go :slight_smile:


#4

Thank you very much!
Thought it was a way bigger process than this :slight_smile:


#5

To be 100% sure: Double check the logs to see it says “http-01” in the challenges - which is should.


#6

./certbot-auto renew --dry-run?


#7

Yes of course ./certbot-auto renew --dry-run

Wrote it from memory - my bad!


#8

Great! Logs says http-01 challenge for <my.domain.com>


#9

Then we are good to go!!!


closed #10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.