Update Certbot to use the latest Validation Method (ACME EOL!)

If you are using Certbot and have received an e-mail from Let’s Encrypt informing you that ACME TLS-SNI-01 domain validation reaches end of life on February 13, 2019, I have an easy way for you to update Certbot to use the latest validation method.

E-mail from Let’s Encrypt:

Hello,

**Action is required to prevent your Let’s Encrypt certificate renewals from breaking.**

Your Let’s Encrypt client used ACME TLS-SNI-01 domain validation to issue a certificate in the past 60 days.

TLS-SNI-01 validation is reaching end-of-life and will stop working on **February 13th, 2019.**

You need to update your ACME client to use an alternative validation method (HTTP-01, DNS-01 or TLS-ALPN-01) before this date or your certificate renewals will break and existing certificates will start to expire.

If you need help updating your ACME client, please open a new topic in the Help category of the Let’s Encrypt community forum:

https://community.letsencrypt.org/c/help

Please answer all of the questions in the topic template so we can help you.

For more information about the TLS-SNI-01 end-of-life please see our API announcement:

https://community.letsencrypt.org/t/february-13-2019-end-of-life-for-all-tls-sni-01-validation-support/74209

Thank you,
Let’s Encrypt Staff

 

I’ll show you how to update Certbot to the latest version and automatically implement the newest validation method. I use Ubuntu Server 16.04 in this example, but this should work on 18.04 as well.

Update Certbot to the latest Version

Make sure to update your repository first:

sudo apt-get update

After this, we are going to install the newest version of Certbot:

sudo apt-get install certbot python3-certbot-apache -y


Next, we have to run Certbot and re-initialize our Configuration:

certbot


A quick run-down of the questions and answers:

  • Which names would you like to activate HTTPS for?
    • Choose your Domain
  • What would you like to do?
    • 1 Attempt to reinstall this existing certificate
    • 2 Renew & replace the cert (limit ~5 per 7 days) <-- Choose 2
  • Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
    • 1 No Redirect
    • 2 Redirect <-- Up to you, but I chose Redirect

At the end, you should see a confirmation that the installation was successful.

 

Verifying if Certbot works

To verify if Certbot works, you can do a dry-run:

certbot renew --dry-run

Ideally, the output tells you that the dry run was successful.
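
As a complementary check to the dry run, the following added example (not part of the original post) scans Certbot renewal configuration files for a `pref_challs` line that still names tls-sni-01, the method being retired. The function names and sample files are constructed for illustration; it assumes Certbot's default renewal directory, /etc/letsencrypt/renewal, with one .conf file per certificate.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes Certbot's default layout:
# one <name>.conf per certificate, with an optional "pref_challs = ..." line.

# Print each *.conf in DIR whose pref_challs setting names tls-sni-01.
# Returns 0 if none do, 1 if at least one does, 2 if DIR is not a directory.
find_tls_sni_configs() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    found=0
    for conf in "$dir"/*.conf; do
        [ -f "$conf" ] || continue    # glob matched nothing
        # Anchor on the key so commented-out lines are ignored.
        if grep -Eq '^[[:space:]]*pref_challs[[:space:]]*=.*tls-sni-01' "$conf"; then
            echo "$conf"
            found=1
        fi
    done
    return "$found"
}

# Build three constructed renewal configs in a temp dir and print its path.
make_sample_renewal_dir() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '[renewalparams]' 'authenticator = apache' \
        'pref_challs = tls-sni-01,' > "$d/old.example.com.conf"
    printf '%s\n' '[renewalparams]' 'authenticator = apache' \
        'pref_challs = http-01,' > "$d/new.example.com.conf"
    printf '%s\n' '[renewalparams]' 'authenticator = apache' \
        '# pref_challs = tls-sni-01,' > "$d/default.example.com.conf"
    echo "$d"
}

# Demo on the constructed samples; on a server, pass /etc/letsencrypt/renewal.
sample=$(make_sample_renewal_dir)
if find_tls_sni_configs "$sample"; then
    echo "no renewal config pins tls-sni-01"
else
    echo "the configs listed above still pin tls-sni-01"
fi
rm -rf "$sample"
```

Any file it lists belongs to a certificate whose renewal settings still request the retired method and should be re-issued as described above.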

 

Conclusion

That’s it. It was probably much easier than you thought it would be, right? If you want to automate Certbot, check out my tutorial on it.
