Thanks - I’ve received very good communication about this from you and it’s been easy to change the verification method to the new one.
Good info,
Can it be that by me
Options used in the renewal process
[renewalparams]
authenticator = webroot
installer = apache
account = aaXXXXXXXXXXXXXX
[[webroot_map]]
ecoviewater.com = /var/www/ecoviewater/public_html
www.ecoviewater.com = /var/www/ecoviewater/public_html
webroot_map section does not exist ?
Is this section mandatory ?
It gets created automatically when --webroot is used (successfully) to get a cert / renew a cert.
yes, i’m sure you helped out Great community - thanks once again.
have you enabled fail2ban or anything else which might block Amazon IPs?
I did that, and then HTTP-01 renewal stopped working because several of the LetsEncrypt servers are hosted on Amazon.
Took a while to diagnose…
I sympathize with UbikMZ, while fully respecting that people around here are volunteers.
It is a pity that Let’s Encrypt does not go for a commercial service with decent support. We would be happy to pay for that.
As it is, this “TLS-SSN-01” issue is just frustration for me. There aren’t even instructions for how to check if anything at all needs to be done. I still do not know if I should spend time on this or not.
Hi @joheben
I feel less alone now.
The first thing to do is to check your certification validity. You can get this info here: SSL Server Test (Powered by Qualys SSL Labs)
The info you'll get there will let you know how much time left you have to migrate.
How you have to do it is another question.
I suppose many people have succeeded, I have failed.
2 posts were split to a new topic: Certificates on failover server / listing certificates with methods
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.