Ensuring Renewals Work With Certbot


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: one of over 60

I ran this command:
sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
cd /opt/letsencrypt
./letsencrypt-auto --apache -d mydomain

It produced this output:
A valid certificate at the time

My web server is (include version): Ubuntu 16.04 LTS

The operating system my web server runs on is (include version):
Ubuntu 16.04 LTS

My hosting provider, if applicable, is:
DigitalOcean Inc

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I run this command when due to expire: ./certbot-auto renew

Please can someone confirm for me what needs to be done to ensure the certificate renewals work as required on 13th Feb.
Do I just need to make sure Certbot is version 0.30? I have over 60 sites with Cloudflare, so it is going to be a lot of work disabling the Cloudflare SSL to check the origin server SSL and running LetsDebug to test all sites.
Thanks


#2

As long as you are on 0.28 or higher, and you do not have any explicit challenge preferences set to TLS-SNI-01, you should be fine. You can check for the latter with:

grep -Ri pref_challs /etc/letsencrypt/renewal

#3

The provided command

grep -Ri pref_challs /etc/letsencrypt/renewal

provides no results.
Thanks for confirming it's version 0.28+ I require.
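
The two conditions from reply #2 (Certbot 0.28 or higher, no pref_challs pinned to TLS-SNI-01), checked per renewal file so that a server with many lineages gets one answer. This is an added example, not part of the original thread; the function names `version_at_least`, `tls_sni_lineages` and `audit` are hypothetical, and the three renewal files are constructed sample data.

```shell
#!/bin/sh
# version_at_least HAVE WANT: succeed if HAVE >= WANT (major.minor only).
version_at_least() {
    have_major=${1%%.*}; have_rest=${1#*.}; have_minor=${have_rest%%.*}
    want_major=${2%%.*}; want_rest=${2#*.}; want_minor=${want_rest%%.*}
    [ "$have_major" -gt "$want_major" ] && return 0
    [ "$have_major" -eq "$want_major" ] && [ "$have_minor" -ge "$want_minor" ]
}

# tls_sni_lineages DIR: print each renewal file whose pref_challs line
# names tls-sni-01. Files with no pref_challs line are not reported.
tls_sni_lineages() {
    for conf in "$1"/*.conf; do
        [ -f "$conf" ] || continue
        if grep -i '^[[:space:]]*pref_challs[[:space:]]*=' "$conf" \
            | grep -qi 'tls-sni-01'; then
            basename "$conf"
        fi
    done
}

# audit VERSION DIR: return 0 only when both conditions from the thread hold.
audit() {
    status=0
    if ! version_at_least "$1" 0.28; then
        echo "certbot $1 is older than 0.28: upgrade before renewing"
        status=1
    fi
    pinned=$(tls_sni_lineages "$2")
    if [ -n "$pinned" ]; then
        echo "pref_challs still lists tls-sni-01 in:"
        echo "$pinned" | sed 's/^/  /'
        status=1
    fi
    [ "$status" -eq 0 ] && echo "renewals do not depend on TLS-SNI-01"
    return "$status"
}

# Constructed sample data: three renewal files in a temporary directory.
demo_dir=$(mktemp -d)
printf '[renewalparams]\nauthenticator = apache\n' > "$demo_dir/site-a.example.conf"
printf '[renewalparams]\npref_challs = http-01,\n' > "$demo_dir/site-b.example.conf"
printf '[renewalparams]\npref_challs = tls-sni-01,\n' > "$demo_dir/site-c.example.conf"
audit 0.30.0 "$demo_dir" || true   # reports site-c.example.conf
```

On a real server, pass the installed version and /etc/letsencrypt/renewal as the two arguments to `audit`.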

