Action required: Let’s Encrypt certificate renewals

I just received an email from letsencrypt.org asking to upgrade certbot, as TLS-SNI-01 validation is reaching end-of-life.

Checking the currently installed version:

$ /usr/bin/letsencrypt --version
certbot 0.17.0

Following the instructions from https://community.letsencrypt.org/t/how-to-stop-using-tls-sni-01-with-certbot/83210, certbot needs to be upgraded to 0.28 or higher.

1. Upgrade certbot and confirm the new version:

$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx
$ certbot --version
certbot 0.28.0

2. Remove any explicit references to tls-sni-01 in your renewal configuration:

sudo sh -c "sed -i.bak -e 's/^\(pref_challs.*\)tls-sni-01\(.*\)/\1http-01\2/g' /etc/letsencrypt/renewal/*; rm -f /etc/letsencrypt/renewal/*.bak"

3. Run sudo certbot renew --dry-run. Remember to stop nginx before you run it, otherwise it will fail with a port bind error.
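
The in-place edit in step 2 deletes its own .bak backups, so it helps to preview the rewrite and check for leftover tls-sni-01 pins separately. The script below is an added example, not part of the original post or the Let's Encrypt instructions; the function names and the sample renewal files (with the placeholder domain example.com) are constructed for illustration.

```shell
#!/bin/sh
# Same substitution as step 2, but written to stdout instead of in place.
rewrite_pref_challs() {
    sed -e 's/^\(pref_challs.*\)tls-sni-01\(.*\)/\1http-01\2/g' "$1"
}

# List renewal files in directory $1 whose pref_challs still names tls-sni-01.
# Returns 0 when none are left, 1 otherwise.
find_tls_sni_refs() {
    found=0
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        if grep -q '^pref_challs.*tls-sni-01' "$f"; then
            echo "$f"
            found=1
        fi
    done
    return "$found"
}

# Build a constructed renewal directory: one file pinned to tls-sni-01,
# one file with no pref_challs line at all.
make_sample_dir() {
    d=$(mktemp -d)
    cat > "$d/example.com.conf" <<'EOF'
version = 0.17.0
[renewalparams]
authenticator = nginx
pref_challs = tls-sni-01,
EOF
    printf 'version = 0.28.0\n[renewalparams]\nauthenticator = webroot\n' \
        > "$d/clean.example.conf"
    echo "$d"
}

# Demo on the constructed files only; /etc/letsencrypt is never touched.
demo_dir=$(make_sample_dir)
echo "Files still pinned to tls-sni-01:"
find_tls_sni_refs "$demo_dir" || echo "(rewrite needed)"
echo "Preview of rewritten example.com.conf:"
rewrite_pref_challs "$demo_dir/example.com.conf"
rm -rf "$demo_dir"
```

After step 2, running find_tls_sni_refs /etc/letsencrypt/renewal should print nothing and return 0.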

That’s it. Good luck with your upgrade.
