@jaircuevajunior
Last active January 29, 2019 12:54
Fix certbot TLS-SNI-01 deprecation

Ref: https://community.letsencrypt.org/t/how-to-stop-using-tls-sni-01-with-certbot/83210

Certbot must be updated to version 0.28+

certbot --version

If it's not, then update it!

apt-get update && apt-get install certbot -y

Remove any mentions of TLS-SNI-01 from the renewal configuration of existing certificates

sudo sh -c "sed -i.bak -e 's/^\(pref_challs.*\)tls-sni-01\(.*\)/\1http-01\2/g' /etc/letsencrypt/renewal/*; rm -f /etc/letsencrypt/renewal/*.bak"

Dry-Run / Test

certbot renew --dry-run --preferred-challenges http-01,dns-01

Finally, renew all certificates

Adapt the renew hook to your environment

certbot renew --force-renewal --preferred-challenges http-01,dns-01 --renew-hook="apache2ctl -k graceful"
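
The sed step above deletes its .bak copies immediately, so there is no record of which renewal configs were changed. The following is an added example, not part of the original gist: it lists the configs whose pref_challs line still names tls-sni-01, applies the same substitution to those files only, and keeps the backups so the change can be diffed. The function names are hypothetical, the sample files in demo() are constructed, and it assumes renewal configs are named *.conf.

```shell
#!/bin/sh
# Added example, not part of the original gist. The default path follows the
# gist; function names and the sample files in demo() are constructed.

# List renewal configs in directory $1 whose pref_challs still names tls-sni-01.
list_tls_sni_configs() {
    for f in "${1:-/etc/letsencrypt/renewal}"/*.conf; do
        [ -f "$f" ] || continue
        if grep -q '^pref_challs.*tls-sni-01' "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Apply the gist's substitution to the affected files only, keeping a .bak
# copy of each so the change can be diffed or reverted before cleanup.
rewrite_pref_challs() {
    list_tls_sni_configs "$1" | while IFS= read -r f; do
        sed -i.bak -e 's/^\(pref_challs.*\)tls-sni-01\(.*\)/\1http-01\2/g' "$f"
        diff -u "$f.bak" "$f" || true   # diff exits 1 when the files differ
    done
}

# Constructed sample: one config pinned to tls-sni-01, one already on http-01.
demo() {
    tmp=$(mktemp -d)
    printf '[renewalparams]\nauthenticator = apache\npref_challs = tls-sni-01,\n' \
        > "$tmp/old.example.conf"
    printf '[renewalparams]\nauthenticator = webroot\npref_challs = http-01,\n' \
        > "$tmp/new.example.conf"
    echo "before:"; list_tls_sni_configs "$tmp"
    rewrite_pref_challs "$tmp"
    echo "after (expect nothing):"; list_tls_sni_configs "$tmp"
    rm -rf "$tmp"
}

demo
```

On a real host, run list_tls_sni_configs with no argument before and after the sed step, and remove the .bak files only once the dry run succeeds.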