TLS-SNI-01 validation is reaching end-of-life

Thanks - I’ve received very good communication about this from you and it’s been easy to change the verification method to the new one.

2 Likes

Good info,
Can it be that by me

Options used in the renewal process

[renewalparams]
authenticator = webroot
installer = apache
account = aaXXXXXXXXXXXXXX
[[webroot_map]]
ecoviewater.com = /var/www/ecoviewater/public_html
www.ecoviewater.com = /var/www/ecoviewater/public_html

webroot_map section does not exist?
Is this section mandatory?

It gets created automatically when --webroot is used (successfully) to get a cert / renew a cert.

1 Like
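As an added example (not part of any post in this thread, and not Certbot's own code): a small parser for the renewal-config format quoted above that reports the authenticator, the `[[webroot_map]]` entries, and whether a TLS-SNI-01 preference is recorded. The function names and sample domains are hypothetical, and it assumes Certbot stores a preferred challenge under the `pref_challs` key in files under `/etc/letsencrypt/renewal/`.

```python
import re

# Constructed sample in the format quoted in the thread (placeholder domain and account).
SAMPLE = """\
[renewalparams]
authenticator = webroot
installer = apache
account = aaXXXXXXXXXXXXXX
[[webroot_map]]
example.com = /var/www/example/public_html
www.example.com = /var/www/example/public_html
"""

def parse_renewal(text):
    """Parse [section] / [[sub-section]] / key = value text into nested dicts."""
    root = {}
    stack = [root]  # stack[d] is the dict at nesting depth d
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.fullmatch(r"(\[+)([^\[\]]+)(\]+)", line)
        if m and len(m.group(1)) == len(m.group(3)):
            depth = len(m.group(1))
            if depth > len(stack):
                raise ValueError(f"sub-section without parent: {line}")
            del stack[depth:]  # close deeper sections before opening this one
            stack.append(stack[-1].setdefault(m.group(2).strip(), {}))
        elif "=" in line:
            key, value = line.split("=", 1)
            stack[-1][key.strip()] = value.strip()
        else:
            raise ValueError(f"unparsable line: {line}")
    return root

def summarize(text):
    """Return (authenticator, webroot_map, notes) for one renewal config."""
    params = parse_renewal(text).get("renewalparams", {})
    auth = params.get("authenticator")
    wmap = params.get("webroot_map", {})
    notes = []
    if "tls-sni" in params.get("pref_challs", "").lower():
        notes.append("pref_challs requests TLS-SNI-01")
    if auth == "webroot" and not wmap:
        notes.append("authenticator is webroot but no [[webroot_map]] recorded")
    return auth, wmap, notes

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Reading each renewal file and passing its text to `summarize` gives a per-certificate view of which validation settings are stored.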

Yes, I’m sure you helped out :wink: Great community - thanks once again.

1 Like

Have you enabled fail2ban or anything else which might block Amazon IPs?
I did that, and then HTTP-01 renewal stopped working because several of the Let's Encrypt servers are hosted on Amazon.
Took a while to diagnose…

1 Like

I sympathize with UbikMZ, while fully respecting that people around here are volunteers.

It is a pity that Let’s Encrypt does not go for a commercial service with decent support. We would be happy to pay for that.

As it is, this “TLS-SNI-01” issue is just frustration for me. There aren’t even instructions for how to check if anything at all needs to be done. I still do not know if I should spend time on this or not.

Hi @joheben
I feel less alone now.

The first thing to do is to check your certification validity. You can get this info here: SSL Server Test (Powered by Qualys SSL Labs)

The info you'll get there will let you know how much time you have left to migrate.
How you have to do it is another question.
I suppose many people have succeeded, I have failed.
