TLS-SNI validation reaching end of life

jayposs · 2019-01-18 16:51:43 UTC

Got email with following message:

You need to update your ACME client to use an alternative validation method (HTTP-01, DNS-01 or TLS-ALPN-01) before this date or your certificate renewals will break and existing certificates will start to expire

Is there some standard documentation you guys provide for this issue ?

My domain is:
fuseonconnection.com
I ran this command:

It produced this output:

My web server is (include version):
Go http web server in std lib
The operating system my web server runs on is (include version):
Centos 7.6
My hosting provider, if applicable, is:
Rackspace
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

rg305 · 2019-01-18 17:17:39 UTC

I don’t know of any (a wiki would be nice).
But checking your domain, I can see that port 80 doesn’t reach your server.
If your ISP blocks port 80 then HTTP-01 is not an option for you.
Otherwise, you will need to ensure the Internet can reach your server over TCP port 80.

OR use DNS-01 validation method.
Not as “simple” but if your DNS service provider is supported, you can use a DNS plugin to automate the renewals.

mnordhoff · 2019-01-19 04:57:56 UTC

What ACME client are you using? What version of it?

jayposs · 2019-01-19 18:22:46 UTC

Matt,

I’m using certbot version .29

Figured out fix.

Old renewal process used port 443 which was open.
New renewal process needed to use port 80 which was not open.
Opened port 80 and renewal worked.
Thanks,

Jay

system · 2019-02-18 18:22:52 UTC

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.