Get email again, Action required: Let's Encrypt certificate renewals


#1

Hi, I have some domains on my server. When I got the email “Action required: Let’s Encrypt certificate renewals” for the domain “abc1.domain.com”, I followed the steps in “How to stop using TLS-SNI-01 with Certbot”.
In this tutorial:

  1. certbot version must be 0.28 or higher (Done: my certbot version is 0.28)
  2. sudo certbot renew --dry-run. If the dry run succeeds, you’re good to go (Done, dry run succeeds)
  3. and then I used the command “certbot renew” to renew all my domains on the server.

I think all my domains have finished updating the ACME client to use an alternative validation method
(HTTP-01, DNS-01 or TLS-ALPN-01).

But a few weeks later, I got the same email, “Action required: Let’s Encrypt certificate renewals”, but for a different domain on the same server, “abc2.domain.com”.

How do I know that all my domains have already updated the ACME client to use an alternative validation method (HTTP-01, DNS-01 or TLS-ALPN-01)?

Please help me step by step.
Thanks.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.printerqoe.com

I ran this command:

It produced this output:

My web server is (include version): nginx/1.10.3

The operating system my web server runs on is (include version): Ubuntu 16.04 LTS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.28.0


#2

Hi @septian

you have a certificate that’s valid for 77 days:

CN=printerqoe.com
	21.02.2019
	22.05.2019
expires in 77 days	printerqoe.com, www.printerqoe.com - 2 entries

If --dry-run has worked, I would wait.

Check whether the renewal works (2019-04-29). If not, renew manually with

certbot renew --preferred-challenges http

to change your config file.
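
An added example, not part of the thread and not Certbot's own code: one way to check every certificate lineage on the server for a stored TLS-SNI-01 preference. It assumes Certbot's default renewal directory `/etc/letsencrypt/renewal` and the `authenticator` and `pref_challs` keys of the `[renewalparams]` section; the sample config and the function names are constructed for illustration.

```python
import glob
import os

RENEWAL_DIR = "/etc/letsencrypt/renewal"  # assumed Certbot default; adjust if yours differs
# Constructed sample of a renewal config, kept here as a format reference.
SAMPLE_CONF = """\
# renew_before_expiry = 30 days
version = 0.28.0
archive_dir = /etc/letsencrypt/archive/abc2.domain.com
[renewalparams]
authenticator = nginx
pref_challs = tls-sni-01,
"""


def parse_renewalparams(text):
    """Return the key/value pairs found directly under [renewalparams]."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):  # also ends the section at nested [[...]] headers
            section = line.strip("[]").strip()
            continue
        if section == "renewalparams" and "=" in line:
            key, value = line.split("=", 1)
            params[key.strip()] = value.strip()
    return params


def challenge_status(text):
    """Return (authenticator, preferred challenges, uses_tls_sni)."""
    params = parse_renewalparams(text)
    challs = [c.strip() for c in params.get("pref_challs", "").split(",") if c.strip()]
    return params.get("authenticator", "unknown"), challs, "tls-sni-01" in challs


def audit(renewal_dir=RENEWAL_DIR):
    """Yield (lineage, authenticator, challs, uses_tls_sni) per renewal file."""
    for path in sorted(glob.glob(os.path.join(renewal_dir, "*.conf"))):
        with open(path, encoding="utf-8") as fh:
            yield (os.path.basename(path)[:-5],) + challenge_status(fh.read())


if __name__ == "__main__":
    for name, auth, challs, flagged in audit():
        note = "STILL PREFERS tls-sni-01" if flagged else "ok"
        print(f"{name}: authenticator={auth} pref_challs={challs or 'default'} -> {note}")
```

A lineage that lists no `pref_challs` relies on the authenticator plugin's default challenge for the installed Certbot version.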


#3

This doesn’t necessarily mean that there’s a problem. --dry-run is performing a test of how the software will interact with the CA in the future, but it’s not changing how the software interacts at present.


#4

OK, I will wait. So, has my domain already updated the ACME client (HTTP-01, DNS-01 or TLS-ALPN-01)?


#5

OK, how can I check whether the domain has already updated the ACME client (HTTP-01, DNS-01 or TLS-ALPN-01)?


#6

According to our current advice

we think this already means that it’s OK.


#7

Ok, thank you for your information.