Letsencrypt auf BBB erneuern

20.02.2019 - Lesezeit: 3 Minuten

Von Letsencrypt kommen E-Mails mit der Nachricht

You may need to update your client to the latest version in case it is still using the deprecated TLS-SNI-01 validation method. https://community.letsencrypt.org/t/february-13-2019-end-of-life-for-all-tls-sni-01-validation-support/74209

  • Neue Version von certbot 0.28 installieren

  • Mit dem neuen certbot das Zertifikat erneuern:

    $ certbot --version || /path/to/certbot-auto --version
    certbot 0.28.0
    $ sudo sh -c "sed -i.bak -e 's/^\(pref_challs.*\)tls-sni-01\(.*\)/\1http-01\2/g' /etc/letsencrypt/renewal/*; rm -f /etc/letsencrypt/renewal/*.bak"
    $ sudo certbot renew --dry-run
  • Jetzt kommt die Fehlermeldung:

    IMPORTANT NOTES:
    - The following errors were reported by the server:
    
    Domain: bone.nfix.de
    Type:   connection
    Detail: Fetching
    http://bone.nfix.de/.well-known/acme-challenge/C1ye-gE-z3kMKFE-UQxZ-pkGaLD19E9FA7bHa6malik:
    Error getting validation data
  • Da certbot den http Zugriff auf bone.nfix.de benötigt, muss in der Fritzbox das Port 80 freigegeben sein.

$ sudo certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/bone.nfix.de.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for bone.nfix.de
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of nginx server; fullchain is
/etc/letsencrypt/live/bone.nfix.de/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/bone.nfix.de/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Tags: beaglebone letsencrypt