Your Let’s Encrypt client used ACME TLS-SNI-01 domain validation to issue a certificate in the past 60 days


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: robert-chalmers.uk and quantum-radio.net

I ran this command:

It produced this output:

My web server is (include version): Apache 4.2

The operating system my web server runs on is (include version): Mac OSX 10.14.2

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

Hi,
Just received this email, and like many, I suspect, have no idea what it means.

I’m using “certbot” to renew certs on a regular basis.

/usr/local/bin/certbot renew


The following certs are not due for renewal yet:
/etc/letsencrypt/live/www6.robert-chalmers.uk/fullchain.pem expires on 2019-02-24 (skipped)
/etc/letsencrypt/live/www.quantum-radio.net/fullchain.pem expires on 2019-03-14 (skipped)
/etc/letsencrypt/live/robert-chalmers.uk/fullchain.pem expires on 2019-03-14 (skipped)
No renewals were attempted.

==============================
Hello,

Action is required to prevent your Let’s Encrypt certificate renewals from breaking.

Your Let’s Encrypt client used ACME TLS-SNI-01 domain validation to issue a certificate in the past 60 days.

TLS-SNI-01 validation is reaching end-of-life and will stop working on February 13th, 2019.

You need to update your ACME client to use an alternative validation method (HTTP-01, DNS-01 or TLS-ALPN-01) before this date or your certificate renewals will break and existing certificates will start to expire.

If you need help updating your ACME client, please open a new topic in the Help category of the Let’s Encrypt community forum:

https://community.letsencrypt.org/c/help

Please answer all of the questions in the topic template so we can help you.

For more information about the TLS-SNI-01 end-of-life please see our API announcement:

Thank you,
Let’s Encrypt Staff


#2

Most likely, all you need to do is ensure that Certbot is updated to the latest version from Homebrew (0.30+):

/usr/local/bin/certbot --version

and make sure that a renewal dry-run succeeds without complaints:

/usr/local/bin/certbot renew --dry-run

#3

Thanks. Done. Needed the “–version” though to check

robert$ /usr/local/bin/certbot --version
certbot 0.30.0


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.