Hi!
I have received the mail " Action required: Let’s Encrypt certificate renewal". It says you need to check the certbot-auto version. If i check it with the command “certbot --version || /path/to/certbot-auto --version” and it says I am on 0.10.2 but when I run the cert-auto renew command it uses a virtualenv and says it is up to .30.
If I run the command “sudo certbot renew --dry-run” it does not work saying:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA… Skipping.
But if I use ./certbot-auto renew --apache it says this message for all:
Cert not yet due for renewal
How could I check which certbot I am using and if I am up to date for the expiration of the TLS-SNI-01?
This means the client is too old and does not support http authentication.
Show which certbot will be run when path is not explicitly specified: which certbot
Show all the cron jobs being run (look for those contianing "certbot": crontab -l
If none, then maybe your systems doesn't use cron jobs, try this instead: systemctl list-timers --all
That depends on the version in use: certbot --version certbot-auto --version
[if both respond with answer, this may be why you are get different results]
I have checked the version in both:
certbot --version => certbot 0.10.2
./certbot-auto --version => certbot 0.30.2
The issue is because certbot is on 0.10.2 and when I run the command “sudo certbot renew --dry-run” it uses the one from “/usr/bin/certbot”? But I am running the certbot from the letsencrypt folder.
How could I update the certbot from 0.10.2 to the last one?
If you can use certbot-auto then you don’t need certbot
If you still want to update certbot (and have both - up to date), then check here for the right instructions: https://certbot.eff.org/all-instructions/
Hi again!
When I run the command: “./certbot-auto renew --dry-run”
This is the output:
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for
http-01 challenge for
http-01 challenge for
…
Waiting for verification…
Cleaning up challenges
new certificate deployed with reload of apache server; fullchain is
…
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for
http-01 challenge for
…
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)
Congratulations, all renewals succeeded. The following certs have been renewed:
…PEM fles…
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)
If I run the command withou the dry run:
./certbot-auto renew
The following certs are not due for renewal yet:
/etc/letsencrypt/live/mydomain/fullchain.pem expires on 2019-04-20 ( skipped)
It this correct then?
How can I check if the certificates are correct? I have checked the expiration date of the certificates with the ./certbot-auto ceritificates and it says the certs expires in 81 days, but I do not know if they are correct or not.
