My domain is: daweb.site, mail.daweb.site
I ran this command: N/A (automated e-mail)
It produced this output: Like most others, got a random e-mail about using TLS-SNI
My web server is (include version):Server version: Apache/2.4.6 (CentOS)
The operating system my web server runs on is (include version): Centos 7
My hosting provider, if applicable, is: Self
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
I’m using certbot 0.23.0, from the standard repo’s and guide on https://certbot.eff.org/lets-encrypt/centosrhel7-apache. Trying to use “preferred-challenge http-01” gives me an error, but when I had run the --dry-run before without the challenge it succeeded. Error is:
Attempting to renew cert (daweb.site) from produced an unexpected error: Deserialization error: Could not decode ‘status’ (u’ready’): Deserialization error: Status not recognized. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/fullchain.pem (failure)
Based on reading other topics:
Renewal conf does not have standalone nor tls-sni
renew_before_expiry = 30 days
version = 0.23.0
archive_dir = directory/daweb.site
cert = directory/cert.pem
privkey =directory/privkey.pem
chain =directory/chain.pem
fullchain = directory/fullchain.pem
Options used in the renewal process
[renewalparams]
authenticator = apache
installer = apache
account = snipped
Output when certbot ran without the preferred challenge.
[root@DaLinux letsencrypt]# certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/daweb.site.conf
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for daweb.site
http-01 challenge for mail.daweb.site
Waiting for verification…
Cleaning up challenges
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/daweb.site/fullchain.pem
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)