Email for End of Life


#1

Hello,

Action is required to prevent your Let’s Encrypt certificate renewals from breaking.

Your Let’s Encrypt client used ACME TLS-SNI-01 domain validation to issue a certificate in the past 60 days.

"TLS-SNI-01 validation is reaching end-of-life and will stop working on February 13th, 2019.

You need to update your ACME client to use an alternative validation method (HTTP-01, DNS-01 or TLS-ALPN-01) before this date or your certificate renewals will break and existing certificates will start to expire.

If you need help updating your ACME client, please open a new topic in the Help category of the Let’s Encrypt community forum:
"
My domain is: https://geometricfigure.com

I ran this command: na

It produced this output: na

My web server is (include version): nginx 8

The operating system my web server runs on is (include version): Ubuntu 16.04

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know): yes!

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


#2

Hi @fornof

your configuration is good, port 80 is open.

So check your config if you use tls-sni-validation. If yes, add

--preferred-challenges http

to your command or your cli.ini file.


#3

Thank you so much for the response.
I found /etc/letsencrypt/renewal/geometricfigure.conf and the cli.conf right above it. I added:
preferred-challenges = http

to it.
When I ran letsencrypt, I got:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/geometricfigure.com-0001/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/geometricfigure.com-0001/privkey.pem
    Your cert will expire on 2019-04-18. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot again
    with the “certonly” option. To non-interactively renew all of
    your certificates, run “certbot renew”

When I run certbot renew, I get:
The following certs are not due for renewal yet:
/etc/letsencrypt/live/geometricfigure.com-0001/fullchain.pem (skipped)
/etc/letsencrypt/live/vertexmatrix.com/fullchain.pem (skipped)
/etc/letsencrypt/live/geometricfigure.com/fullchain.pem (skipped)
No renewals were attempted.

How do I check to make sure the change worked?
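
One way to answer the question above, as an added example that is not part of the original thread or of certbot itself: a shell function that reports which challenge type a certbot config file pins. It assumes renewal files store the setting as `pref_challs` under `[renewalparams]` and that cli.ini uses `preferred-challenges` as written in the thread; the function name and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the challenge type pinned in a certbot config file.
# Assumptions: renewal files use the key "pref_challs" under [renewalparams];
# cli.ini uses "preferred-challenges" (the key shown in the thread).

# challenge_status FILE -> prints one of: tls-sni | ok | unset | unknown
challenge_status() {
    # Take the last uncommented assignment of either key, lower-cased,
    # with all spaces and tabs removed.
    value=$(awk -F= '
        { key = $1; gsub(/[ \t]/, "", key) }
        key == "pref_challs" || key == "preferred-challenges" {
            v = $2; gsub(/[ \t]/, "", v); print tolower(v)
        }' "$1" | tail -n 1)
    case "$value" in
        "")                      echo unset ;;    # nothing pinned: client default applies
        *tls-sni*)               echo tls-sni ;;  # tls-sni listed anywhere: breaks at end-of-life
        *http*|*dns*|*tls-alpn*) echo ok ;;       # one of the methods named in the email
        *)                       echo unknown ;;
    esac
}

# Constructed sample file (not taken from the server in the thread).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed renewal config
[renewalparams]
authenticator = nginx
pref_challs = http-01,
EOF
echo "sample: $(challenge_status "$sample")"
rm -f "$sample"

# On a real host, using the directory named in the thread:
# for f in /etc/letsencrypt/renewal/*.conf; do
#     echo "$f: $(challenge_status "$f")"
# done
```

This only inspects configuration; `certbot renew --dry-run` exercises the renewal path itself without saving a new certificate.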


#4

You have already created a new certificate.

CN=geometricfigure.com
	18.01.2019
	18.04.2019
	geometricfigure.com - 1 entry

So it works.

But your configuration is incomplete (https://check-your-website.server-daten.de/?q=geometricfigure.com):

You have both dns entries (non www and www), but your www has the wrong certificate.

So create one certificate with two domain names and use that.


#5

Wow, that's a bunch of info!
I don’t know how to create one certificate with two domain names, so I just ran letsencrypt on all of the www and regular domains. It says it worked, but I don’t have the tool that you used to check all of those things.
Thanks for your help!


#6

Add the two domains:

certbot -d geometricfigure.com -d www.geometricfigure.com yourOtherOptions

The tool is online at https://check-your-website.server-daten.de/?q=geometricfigure.com, you can use it.


#7

It changed when I restarted nginx and did the command.
Is it in working state now?

