LetsEncrypt renew issue


#1

Hello!
Recently received email from LetsEncrypt:
-------’
Your Let’s Encrypt client used ACME TLS-SNI-01 domain validation to issue
a certificate in the past 60 days.
TLS-SNI-01 validation is reaching end-of-life. It will stop working
temporarily on February 13th, 2019, and permanently on March 13th, 2019.
Any certificates issued before then will continue to work for 90 days
after their issuance date.
You need to update your ACME client to use an alternative validation
method (HTTP-01, DNS-01 or TLS-ALPN-01) before this date or your
certificate renewals will break and existing certificates will start to
expire.
If you’re a Certbot user, you can find more information here:
https://community.letsencrypt.org/t/how-to-stop-using-tls-sn…

What can you advise to do to keep https working?
Thank’s a lot!


#2

You should update your Lets Encrypt client as described in the article they’ve linked you to.

The guide we have for using LetsEncrypt doesn’t ever use SNI validation so I’m not sure what configuration you have to trigger that.


#3

Thank you, Alex, for the prompt reply. I will do that upgrade and report the result here. May be it will be useful for others.


#4

Yes, certbot was old (0.21). First of all was needed to upgrade up to the latest version (0.28 for apache ubuntu 16.04). Then proceed the instructions on link above. All fine now, thank you.