Let's Encrypt Cert Renewals Email

bob.lenz
Posts: 12
Joined: 29 Jun 2015 22:33

Let's Encrypt Cert Renewals Email

Post by bob.lenz » 28 Jan 2019 19:09

Hello! I'm receiving the following email regarding Let's Encrypt and the certificate no longer working in my EFA Project Box (3.0.2.6) after Feb 13. Any ideas on how to fix this so the EFA box will request the proper certificate type? Thanks!

Hello,

Action may be required to prevent your Let's Encrypt certificate renewals from breaking.

If you already received a similar e-mail, this one contains updated information.

Your Let's Encrypt client used ACME TLS-SNI-01 domain validation to issue a certificate in the past 60 days. Below is a list of names and IP addresses validated (max of one per account):

DNS Domain Name (IP Address) on 2018-12-08

TLS-SNI-01 validation is reaching end-of-life. It will stop working temporarily on February 13th, 2019, and permanently on March 13th, 2019.
Any certificates issued before then will continue to work for 90 days after their issuance date.

You need to update your ACME client to use an alternative validation method (HTTP-01, DNS-01 or TLS-ALPN-01) before this date or your certificate renewals will break and existing certificates will start to expire.

Our staging environment already has TLS-SNI-01 disabled, so if you'd like to test whether your system will work after February 13, you can run against staging: https://letsencrypt.org/docs/staging-environment/

If you're a Certbot user, you can find more information here:
https://community.letsencrypt.org/t/how ... tbot/83210

Our forum has many threads on this topic. Please search to see if your question has been answered, then open a new thread if it has not:
https://community.letsencrypt.org/

For more information about the TLS-SNI-01 end-of-life please see our API
announcement:
https://community.letsencrypt.org/t/feb ... port/74209

Thank you,
Let's Encrypt Staff

roni77
Posts: 1
Joined: 29 Jan 2019 06:40

Re: Let's Encrypt Cert Renewals Email

Post by roni77 » 29 Jan 2019 06:45

Hi
You should be able to change this in the file /usr/local/sbin/EFA-Renew-Certs.

bob.lenz
Posts: 12
Joined: 29 Jun 2015 22:33

Re: Let's Encrypt Cert Renewals Email

Post by bob.lenz » 29 Jan 2019 08:32

Unfortunately, I do not see anything talking about the encryption level in this script.

RampantTech
Posts: 4
Joined: 12 Nov 2018 23:05

Re: Let's Encrypt Cert Renewals Email

Post by RampantTech » 11 Feb 2019 23:19

Hi all,

Did anyone ever work this out?
This thread just stops at nothing.
I need to fix the same issue.
Some direction would be great.

bob.lenz
Posts: 12
Joined: 29 Jun 2015 22:33

Re: Let's Encrypt Cert Renewals Email

Post by bob.lenz » 11 Feb 2019 23:31

Unfortunately, I do not have a solution yet. I was hoping someone could give direction here. We can't be the only two with this issue. Let's Encrypt documentation on certbot did not lead me anywhere, as it doesn't seem to follow Let's Encrypt's rules, although I did find out that they require version 0.28 and EFA seems to be running on 0.20 currently. Worried about updating it and breaking something else with SSL.

RampantTech
Posts: 4
Joined: 12 Nov 2018 23:05

Re: Let's Encrypt Cert Renewals Email

Post by RampantTech » 19 Feb 2019 02:06

Hi all,

I am presuming that the statement in the Cert Bot Auto file in /opt/certbot/certbot-auto answers our questions.
The comment at the top of the file reads:
"
Download and run the Latest version of the Certbot Client
Note this script is auto generated and Self Updating
If you want to edit it locally please run with the --no-self-upgrade FLAG
"
So I presume that the CertBot client will auto upgrade itself when necessary.
Can anyone validate this statement for me?

Gspearson
Posts: 5
Joined: 03 Feb 2014 18:11
Location: Goshen, IN

Re: Let's Encrypt Cert Renewals Email

Post by Gspearson » 12 Mar 2019 14:21

What I have done on version EFA-3.0.2.6 is log in to the console

run yum update (at the time I did this today, it had 216 updates to perform)
Then I ran certbot-auto renew, which then upgraded certbot 0.21 to 0.32.0. When completed, this then used the HTTP-01 validation method.
Graham Pearson
Your Coldfusion Professional
Goshen, IN 46528

http://www.yourcfpro.com

bob.lenz
Posts: 12
Joined: 29 Jun 2015 22:33

Re: Let's Encrypt Cert Renewals Email

Post by bob.lenz » 12 Mar 2019 17:55

That did the trick for me! Thanks for the help, Gspearson

Here's a complete list of what I did:

Go to Shell
su
yum update --yes to all updates
cd /opt/certbot
./certbot-auto renew
exit
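
A pre-flight check for the renewal path discussed in this thread, added here as an example and not part of any post: it compares a client version string against the 0.28 figure mentioned above and flags renewal configuration files that still name TLS-SNI. The function names, the `certbot X.Y.Z` version format, the `pref_challs` sample lines and the example.com names are assumptions, and the sample data is constructed.

```shell
# Added example, not part of the thread. MIN_VERSION is the 0.28 figure quoted in
# the thread; the sample version string and renewal files below are constructed.
MIN_VERSION="0.28"
# parse_version "certbot 0.32.0" -> 0.32.0 (empty when the output is unrecognised)
parse_version() {
    printf '%s\n' "$1" | sed -n 's/^certbot \([0-9][0-9.]*\).*/\1/p'
}

# version_ge A B: succeeds when dotted version A >= B, compared field by field.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# references_tls_sni FILE: succeeds when a non-comment line mentions tls-sni.
references_tls_sni() {
    grep -q -i -E '^[^#]*tls-sni' "$1"
}

# audit VERSION_OUTPUT RENEWAL_DIR: prints findings, returns the number of problems.
audit() {
    problems=0
    ver=$(parse_version "$1")
    if ! version_ge "${ver:-0}" "$MIN_VERSION"; then
        echo "client ${ver:-unknown} is older than $MIN_VERSION"
        problems=$((problems + 1))
    fi
    for f in "$2"/*.conf; do
        [ -f "$f" ] || continue
        if references_tls_sni "$f"; then
            echo "still pinned to TLS-SNI: $f"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Demo on constructed data; on a real host pass the client's version output and its renewal directory.
demo=$(mktemp -d)
printf '[renewalparams]\npref_challs = tls-sni-01,\n' > "$demo/mail.example.com.conf"
printf '[renewalparams]\npref_challs = http-01,\n' > "$demo/www.example.com.conf"
audit "certbot 0.20.0" "$demo" || echo "problems found: $?"
```

A zero return from `audit` means neither condition was found; it does not replace a test renewal against the staging environment mentioned in the Let's Encrypt email.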

w_bufffet
Posts: 11
Joined: 27 Mar 2016 15:32

Re: Let's Encrypt Cert Renewals Email

Post by w_bufffet » 30 Apr 2019 08:43

Hi,
Confirming same issue, last post resolved it!
Thank you
