Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: clientmail.pdxclouds.net
So I had a cert coming up for renewal so I decided to check during the "maintenance outage" to see if my certbot client was using the "blessed" protocol. Which I did this morning, running a certbot renewal at around 10:00am. I got an error message about the servers being offline and to check https://letsencrypt.status.io/ for status.
So OK, I figured, my certbot is using the heretical protocol and needs to be changed. But just for grins, I ran the renewal request 5 minutes later - no change in options - and the certs renewed. Yet the https://letsencrypt.status.io/ is still showing down - even as I type this.
So what the fark is going on, please?
Did I renew using the heretical protocol and someone is just being lazy at updating https://letsencrypt.status.io/?
Or did I renew using the blessed protocol and I'm good?
This business of "we are gonna deliberately break it to convince people to switch over" isn't going to work if the https://letsencrypt.status.io/ doesn't EXACTLY track the REAL status of whether the cert servers are deliberately in a busted status or not.
It would seem a far more OBVIOUS way of doing this would be to issue a message saying "your cert is renewed using the heretical protocol and the priests have determined you aren't blessed so repent before the end!" instead of just deliberately breaking things.
My $0.02 on this. And no, I still don't know if the Let's Encrypt priests have decided if I'm among the saved or not.