TLS-SNI-01 end-of-life

mattias · January 18, 2019, 8:59am

I currently use certbot 0.29.1 to manage my certificates. I received the email regarding TLS-SNI-01 validation reaching its end-of-life. If I understand things correctly, certbot will not be an option in the future. What other options exist for me and what are the steps I need to take to setup my new client.

My domain is: bioplan.optimeeringaqua.com

I ran this command:

It produced this output:

My web server is (include version): nginx/1.11.9 though a docker container

The operating system my web server runs on is (include version): CentOS Linux release 7.2.1511 (Core)

My hosting provider, if applicable, is: Own server with full access.

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

_az · January 18, 2019, 9:01am

You can certainly continue to use Certbot. You just need to make sure it's updated to a recent version:

certbot version

and if necessary, make sure your certificate renewal works with the HTTP validation method:

certbot renew --dry-run --preferred-challenges http

If you are on the latest Certbot version, the TLS-SNI challenge will automatically not be used.

If you can't update to the latest, you can update your /etc/letsencrypt/renewal/ file(s) with:

[renewalparams]
pref_challs = http-01

mattias · January 18, 2019, 9:16am

Thanks that helped clarify what needs to be done

system · February 17, 2019, 9:21am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.