Get email again, Action required: Let's Encrypt certificate renewals

Hy, I have some domain in my server. When i get email Action required: Let’s Encrypt certificate renewals for domain “abc1.domain.com”, i follow step How to stop using TLS-SNI-01 with Certbot.
In this tutorial:

  1. certbot version must 0.28 or higher, (Done : my cerbot version : 0.28)
  2. sudo certbot renew --dry-run, If the dry run succeeds, you’re good to go (Done, dry run succeeds)
  3. and then i use command : “certbot renew” to renew all my domain in server.

I think, all my domain finished to update ACME client to use an alternative validation method
(HTTP-01, DNS-01 or TLS-ALPN-01).

But, a few weeks later, i get same email, Action required: Let’s Encrypt certificate renewals, but different domain in same server, “abc2.domain.com”.

How i know all my domain already update ACME client to use an alternative validation method (HTTP-01, DNS-01 or TLS-ALPN-01)?

Please help me with step by step.
Thanks.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.printerqoe.com

I ran this command:

It produced this output:

My web server is (include version): nginx/1.10.3

The operating system my web server runs on is (include version): Ubuntu 16.04 LTS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.28.0

Hi @septian

you have a certificate, that’s 77 days valid:

CN=printerqoe.com
	21.02.2019
	22.05.2019
expires in 77 days	printerqoe.com, www.printerqoe.com - 2 entries

If --dry-run has worked, I would wait.

Check, if the renew works (2019-04-29). If not, renew manual with

certbot --renew --preferred-challenges http

to change your config file.

1 Like

This doesn’t necessarily mean that there’s a problem. --dry-run is performing a test of how the software will interact with the CA in the future, but it’s not changing how the software interacts at present.

Ok, I would wait. So, my domain already update ACME client (HTTP-01, DNS-01 or TLS-ALPN-01)?

Ok, how can i check the domain already update ACME client (HTTP-01, DNS-01 or TLS-ALPN-01)?

According to our current advice

we think this already means that it’s OK.

Ok, thank you for your information.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.