Action required: Let's Encrypt certificate renewals

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: mail37.defacto.in,mail23.marshallcnc.com

I ran this command: certbot certonly --d webmail23.marshallcnc.com -d mail23.marshallcnc.com -d mail37.defacto.in --preferred-challenges http

It produced this output: `What would you like to do?

1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)

Select the appropriate number [1-2] then [enter] (press ā€˜cā€™ to cancel): 2
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for webmail23.marshallcnc.com
http-01 challenge for mail23.marshallcnc.com
http-01 challenge for mail37.defacto.in
Waiting for verificationā€¦
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0004_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0004_csr-certbot.pem

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at`

My web server is (include version): Apache (2.4.25-3+deb9u6)

The operating system my web server runs on is (include version): debian -9.5(stretch)

My hosting provider, if applicable, is: self-host

I can login to a root shell on my machine (yes or no, or I donā€™t know): no

Iā€™m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if youā€™re using Certbot): certbot 0.10.2

Will it works after Feb 13 2019. if not what needs to be check from my side??

2

Please try ā€œsudo certbot renew --dry-runā€.

It looks like itā€™s working, but if youā€™ve validated using TLS-SNI-01 in the last 30 days, it might be misleading.

By the way, you can get Certbot 0.28.0 from stretch-backports.

1 Like
3

@mnordhoff Thanks, its working when i use with preferred challaneges http option but default its taking TLS-SNI-01ā€¦could you please guide or share procedure to update certbot in debian stretch with backportsā€¦

4

@mnordhoff, please find output of dry-run:

Cert not due for renewal, but simulating renewal for dry run
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mail23.marshallcnc.com
http-01 challenge for mail37.defacto.in
http-01 challenge for webmail23.marshallcnc.com
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0005_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0005_csr-certbot.pem
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:```

How can i get Certbot  0.28.0 in debian 8 Jessie??
5

One of these might do the trick:
https://certbot.eff.org/lets-encrypt/debianstretch-apache.html
https://certbot.eff.org/lets-encrypt/debianstretch-nginx.html
https://certbot.eff.org/lets-encrypt/debianstretch-haproxy.html
https://certbot.eff.org/lets-encrypt/debianstretch-plesk.html
https://certbot.eff.org/lets-encrypt/debianstretch-other.html

6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.