Renewe certbot certificate


#1

Hi!
I have received the mail " Action required: Let’s Encrypt certificate renewal". It says you need to check the certbot-auto version. If i check it with the command “certbot --version || /path/to/certbot-auto --version” and it says I am on 0.10.2 but when I run the cert-auto renew command it uses a virtualenv and says it is up to .30.
If I run the command “sudo certbot renew --dry-run” it does not work saying:

Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA… Skipping.

But if I use ./certbot-auto renew --apache it says this message for all:

Cert not yet due for renewal

How could I check which certbot I am using and if I am up to date for the expiration of the TLS-SNI-01?

Thanks!!!


#2

This means the client is too old and does not support http authentication.

Show which certbot will be run when path is not explicitly specified:
which certbot

Show all the cron jobs being run (look for those contianing “certbot”:
crontab -l
If none, then maybe your systems doesn’t use cron jobs, try this instead:
systemctl list-timers --all

That depends on the version in use:
certbot --version
certbot-auto --version
[if both respond with answer, this may be why you are get different results]


#3

Hi!

which certbot:

/usr/bin/certbot

I have checked the version in both:
certbot --version => certbot 0.10.2

./certbot-auto --version => certbot 0.30.2

The issue is because certbot is on 0.10.2 and when I run the command “sudo certbot renew --dry-run” it uses the one from “/usr/bin/certbot”? But I am running the certbot from the letsencrypt folder.

How could I update the certbot from 0.10.2 to the last one?

Thanks!!


#4

If you can use certbot-auto then you don’t need certbot

If you still want to update certbot (and have both - up to date), then check here for the right instructions:
https://certbot.eff.org/all-instructions/


#5

Hi again!
When I run the command: “./certbot-auto renew --dry-run”

This is the output:

Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for
http-01 challenge for
http-01 challenge for

Waiting for verification…
Cleaning up challenges


new certificate deployed with reload of apache server; fullchain is

Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for
http-01 challenge for


** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
…PEM fles…
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)


If I run the command withou the dry run:
./certbot-auto renew


Processing /etc/letsencrypt/renewal/mydomain.conf
Processing /etc/letsencrypt/renewal/myotherdomain.conf
Processing /etc/letsencrypt/renewal/myotherdomain.conf
Processing /etc/letsencrypt/renewal/myotherdomain.conf


Cert not yet due for renewal

The following certs are not due for renewal yet:
/etc/letsencrypt/live/mydomain/fullchain.pem expires on 2019-04-20 ( skipped)

It this correct then?
How can I check if the certificates are correct? I have checked the expiration date of the certificates with the ./certbot-auto ceritificates and it says the certs expires in 81 days, but I do not know if they are correct or not.

Thanks!!


#6

Hi @rogerillu

then it’s ok. Wait two months, then check, if your certificates are renewed.

You can use tools like https://check-your-website.server-daten.de/ (own tool) to check your certificates. There you see the relevant informations.


#7

Hi! Thanks a lot for the answers and the information. Very usefull! :slight_smile:


closed #8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.