Action required: Let's Encrypt certificate renewals


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: mail37.defacto.in,mail23.marshallcnc.com

I ran this command: certbot certonly --d webmail23.marshallcnc.com -d mail23.marshallcnc.com -d mail37.defacto.in --preferred-challenges http

It produced this output: `What would you like to do?

1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)

Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for webmail23.marshallcnc.com
http-01 challenge for mail23.marshallcnc.com
http-01 challenge for mail37.defacto.in
Waiting for verification…
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0004_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0004_csr-certbot.pem

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at`

My web server is (include version): Apache (2.4.25-3+deb9u6)

The operating system my web server runs on is (include version): debian -9.5(stretch)

My hosting provider, if applicable, is: self-host

I can login to a root shell on my machine (yes or no, or I don’t know): no

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.10.2

Will it works after Feb 13 2019. if not what needs to be check from my side??


#2

Please try “sudo certbot renew --dry-run”.

It looks like it’s working, but if you’ve validated using TLS-SNI-01 in the last 30 days, it might be misleading.

By the way, you can get Certbot 0.28.0 from stretch-backports.


#3

@mnordhoff Thanks, its working when i use with preferred challaneges http option but default its taking TLS-SNI-01…could you please guide or share procedure to update certbot in debian stretch with backports…


#4

@mnordhoff, please find output of dry-run:

Cert not due for renewal, but simulating renewal for dry run
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mail23.marshallcnc.com
http-01 challenge for mail37.defacto.in
http-01 challenge for webmail23.marshallcnc.com
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0005_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0005_csr-certbot.pem
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:```

How can i get Certbot  0.28.0 in debian 8 Jessie??

#5

One of these might do the trick:
https://certbot.eff.org/lets-encrypt/debianstretch-apache.html
https://certbot.eff.org/lets-encrypt/debianstretch-nginx.html
https://certbot.eff.org/lets-encrypt/debianstretch-haproxy.html
https://certbot.eff.org/lets-encrypt/debianstretch-plesk.html
https://certbot.eff.org/lets-encrypt/debianstretch-other.html


closed #6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.