Ensuring Renewals Work With Certbot

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: one of over 60

I ran this command:
sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
cd /opt/letsencrypt
./letsencrypt-auto --apache -d mydomain

It produced this output:
A valid certificate at the time

My web server is (include version): Ubuntu 16.04 LTS

The operating system my web server runs on is (include version):
Ubuntu 16.04 LTS

My hosting provider, if applicable, is:
DigitalOcean Inc

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I run command when due to expire, ./certbot-auto renew

Please can someone confirm for me what needs to be done to ensure the certificate renewals work as required on 13th Feb.
Do I just need to make sure Cerbot is version 0.30? I have over 60 sites with Cloudflare so is going to be a lot of work disabling the Cloudflare SSL to check the origin server ssl and running LetsDebug to test all sites.
Thanks

As long as you are on 0.28 or higher, and you do not have any explicit challenge preferences set to TLS-SNI-01, you should be fine. You can check for the latter with:

grep -Ri pref_challs /etc/letsencrypt/renewal
1 Like

The provided command

grep -Ri pref_challs /etc/letsencrypt/renewal

Provides no results
Thanks for confirming its version 0.28 + I require.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.