Action required: Let's Encrypt certificate renewals


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
data.sofgensavetax.com

I ran this command:
certbot renew --pre-hook “service nginx stop” --post-hook “service nginx start” --dry-run

It produced this output:
Cert not due for renewal, but simulating renewal for dry run
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Running pre-hook command: service nginx stop
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for data.sofgensavetax.com
Waiting for verification…
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0024_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0024_csr-certbot.pem

My web server is (include version):
nginx/1.6.2

The operating system my web server runs on is (include version):
Debian GNU/Linux 8 (jessie)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.9.3

We received an email regarding the end of support for ACME TLS-SNI-01 domain validation and that we need to update our ACME client to use an alternative validation method (HTTP-01, DNS-01 or TLS-ALPN-01) or our certificate renewals will break and existing certificates will start to expire.

But from the output above, does this mean that we are already using http-01 domain validation and no need to perform any changes or whatsoever?

Apologies if my question may sound a bit stupid. I’m really new to this and still learning.
Thank you in advance.


#2

You are using HTTP-01. You’re probably – but not definitely – okay.

I’m confused that it worked after running “service nginx stop”.

Would you mind posting the contents of the files in /etc/letsencrypt/renewal/?

For what it’s worth, the newest version of Certbot in jessie-backports is 0.10.2. You can upgrade.

0.10.2 is still very old, though.