It seems like our clients are getting the TLS-SNI-01 update warning notifications, but none so far seem to have that as the active authentication method. The authenticator configs are all listed as
nginx, but they’re still getting the emails about needing to update.
Am I missing something here?
Example domain is: https://sacredplaces.org/
I ran this command:
certbot renew --dry-run
It produced this output:
# Options used in the renewal process [renewalparams] account = ACCOUNT_ID_HERE server = https://acme-v02.api.letsencrypt.org/directory authenticator = nginx installer = nginx ...skipping... Renewing an existing certificate Performing the following challenges: http-01 challenge for sacredplaces.org Waiting for verification... Cleaning up challenges ** DRY RUN: simulating 'certbot renew' close to cert expiry ** (The test certificates below have not been saved.) Congratulations, all renewals succeeded. The following certs have been renewed: /etc/letsencrypt/live/sacredplaces.org/fullchain.pem (success) ** DRY RUN: simulating 'certbot renew' close to cert expiry ** (The test certificates above have not been saved.)
My web server is (include version): nginx
The operating system my web server runs on is (include version): CentOS 7
I can login to a root shell on my machine (yes or no, or I don’t know): yes
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you’re using Certbot):
certbot 0.26.1 (other clients have been on
Out of caution we’ll be updating this particular client, but all other signs point to them being good to go already.