Trying to figure out where I used ACME TLS-SNI-01 cert and how to fix


#1

My domain is: oslospeiderne.no, claire-ai.org, intueri.no (claire is on its own server)

I ran this command: Followed DigitalOcean guide for Ubuntu 16.04 and 18.04 (16.04 for claire-ai. 18.04 for the two others). Installed using ppa:certbot/certbot with the python-certbot-nginx package

My web server is (include version):
For Ubuntu 18.04 server: nginx version: nginx/1.14.0 (Ubuntu)
For Ubuntu 16.04 server: nginx version: nginx/1.10.3 (Ubuntu)
Both of these servers send emails to the same address, so I could not tell which server the error was at (or if at both)

The operating system my web server runs on is (include version): Ubuntu 18.04 and Ubuntu 16.04. Both updated regularly (at least once a week, security updates every day)

My hosting provider, if applicable, is: I run VPS

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

Certbot version on both servers: certbot 0.28.0, installed via PPA.

I can’t figure out where I’m using a TLS-SNI-01 cert; the email said my Let’s Encrypt client issued one in the past 60 days. The email asked me to update my ACME client, but 0.28.0 is the newest version in the PPA as far as I can see. Is the PPA no longer viable? Or how can I fix this error?

Thank you for all replies!


#2

Certbot 0.28.0 is good.

Can you run “grep pref_challs /etc/letsencrypt/renewal/*” and “sudo certbot renew --dry-run”?


#3

grep pref_challs /etc/letsencrypt/renewal/* returned nothing on both servers

dry run ran http-01 challenges for all certs


#4

At this point you’re probably okay.

You might have used TLS-SNI validation shortly before upgrading to 0.28.0.
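
The `pref_challs` check from reply #2, extended to report every certificate lineage on a server; this is an added example, not part of any reply in the thread. The function names, status labels and sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify certbot renewal configs by pinned challenge type.
# Prints one line per lineage: "<name> <status>".
audit_renewal_dir() {
    dir=$1
    for conf in "$dir"/*.conf; do
        [ -e "$conf" ] || continue            # directory empty or unreadable
        name=$(basename "$conf" .conf)
        # pref_challs is a comma-separated list, e.g. "pref_challs = tls-sni-01,"
        challs=$(sed -n 's/^[[:space:]]*pref_challs[[:space:]]*=[[:space:]]*//p' "$conf" \
                 | tr -d '[:space:]')
        case ",$challs," in
            *,tls-sni-01,*) echo "$name pinned-tls-sni-01" ;;  # needs editing
            ,,)             echo "$name unpinned" ;;           # client chooses
            *)              echo "$name pinned-other" ;;       # e.g. http-01
        esac
    done
}

# Constructed sample renewal directory (hypothetical lineage names).
make_sample_dir() {
    d=$(mktemp -d)
    printf '[renewalparams]\nauthenticator = nginx\npref_challs = tls-sni-01,\n' \
        > "$d/a.example.conf"
    printf '[renewalparams]\nauthenticator = nginx\n' > "$d/b.example.conf"
    printf '[renewalparams]\nauthenticator = webroot\npref_challs = http-01,\n' \
        > "$d/c.example.conf"
    echo "$d"
}

# Audit the directory given as the first argument, or the sample data if none.
audit_renewal_dir "${1:-$(make_sample_dir)}"
```

Run it as root with `/etc/letsencrypt/renewal` as the argument on each server. A result with every lineage `unpinned` matches the empty grep output in reply #3, and the dry run then confirms which challenge the client actually selects.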

