Von Letsencrypt kommen E-Mails mit der Nachricht
You may need to update your client to the latest version in case it is still using the deprecated TLS-SNI-01 validation method. https://community.letsencrypt.org/t/february-13-2019-end-of-life-for-all-tls-sni-01-validation-support/74209
Mit dem neuen certbot das Zertifikat erneuern:
$ certbot --version || /path/to/certbot-auto --version
certbot 0.28.0
$ sudo sh -c "sed -i.bak -e 's/^\(pref_challs.*\)tls-sni-01\(.*\)/\1http-01\2/g' /etc/letsencrypt/renewal/*; rm -f /etc/letsencrypt/renewal/*.bak"
$ sudo certbot renew --dry-run
Jetzt kommt die Fehlermeldung:
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: bone.nfix.de
Type: connection
Detail: Fetching
http://bone.nfix.de/.well-known/acme-challenge/C1ye-gE-z3kMKFE-UQxZ-pkGaLD19E9FA7bHa6malik:
Error getting validation data
Da certbot den http Zugriff auf bone.nfix.de benötigt, muss in der Fritzbox das Port 80 freigegeben sein.
$ sudo certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/bone.nfix.de.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for bone.nfix.de
Waiting for verification...
Cleaning up challenges
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of nginx server; fullchain is
/etc/letsencrypt/live/bone.nfix.de/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/bone.nfix.de/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Tags: beaglebone letsencrypt