Certbot 0.29 tls-sni-01

Hey together,

because of TLS-SNI-01 is deprecated, and will stop working soon, i updated certbot to 0.29.1, ran a dry-run, but tls-sni-01 is still used.

In my /etc/letsencrypt/renewal/DOMAIN.conf is nothing About the challenges configured. Im wondering Version = 0.23.0 is listed in this file.

Is there any other location where tls-sni-01 could be prefered?

Thanks in Advance.

My domain is:
pader-steuer.de

I ran this command:
sudo certbot renew --dry-run

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/www.pader-steuer.de.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for pader-steuer.de
tls-sni-01 challenge for www.pader-steuer.de
TLS-SNI-01 is deprecated, and will stop working soon.
Waiting for verification...
Cleaning up challenges
Resetting dropped connection: acme-staging-v02.api.letsencrypt.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/www.pader-steuer.de/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/www.pader-steuer.de/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

My web server is (include version):

Apache/2.4.6 (CentOS)

The operating system my web server runs on is (include version):

CentOS Linux release 7.3.1611

My hosting provider, if applicable, is:

Selfhosted

I can login to a root shell on my machine (yes or no, or I don’t know):

yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
0.29.1

Hi,

Could you please check each of the items from the following post:

Since you are on CentOS, the final item would be more like:

rpm -qa | grep -iE "certbot"
1 Like

Thank you very much, I didn’t update the Apache Plugin (it was on 0.23) updated it and everything works like a charm.

Greetings
Jonas

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.