Action required: Let’s Encrypt certificate renewals

Just received email from to upgrade certbot as TLS-SNI-01 validation is reaching end-of-life.

By running

/usr/bin/letsencrypt --version
certbot 0.17.0

Following the instructions from needs to upgrade to 0.28 or higher.

$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx
certbot --version
certbot 0.28.0

2.Remove any explicit references to tls-sni-01 in your renewal configuration:

sudo sh -c "sed -i.bak -e 's/^\(pref_challs.*\)tls-sni-01\(.*\)/\1http-01\2/g' /etc/letsencrypt/renewal/*; rm -f /etc/letsencrypt/renewal/*.bak"

3. Run sudo certbot renew –dry-run. Remember to turn off nginx before you run it as it will have fail to bind port error.

That’s it. Good Luck with your upgrade.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s