stop using TLS-SNI-01 with Certbot

xkrivzooh2019年1月28日

post

杂记

大约 1 分钟

stop using TLS-SNI-01 with Certbot

今天收到一个来自letsencrypt的邮件：Action required: Let's Encrypt certificate renewals，简单的说就是Let’s Encrypt移除了对TLS-SNI-01的支持。所以我就按照他们的指示，修改了一下我的certbot配置。操作步骤如下:

检查certbot的版本大于0.28

使用命令certbot --version来检查命令。我检查的时候发现我的版本比0.28低，所以我需要升级一下：

[root@VM_43_49_centos workspace]# certbot --version
certbot 0.26.1

sudo yum upgrade certbot

我在使用sudo yum upgrade certbot以后，测试版本出现下面的异常：

[root@VM_43_49_centos workspace]# certbot --version
Traceback (most recent call last):
  File "/usr/bin/certbot", line 5, in <module>
    from pkg_resources import load_entry_point
  File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 3011, in <module>
    parse_requirements(__requires__), Environment()
  File "/usr/lib/python2.7/site-packages/pkg_resources.py", line 626, in resolve
    raise DistributionNotFound(req)
pkg_resources.DistributionNotFound: acme>=0.29.0
[root@VM_43_49_centos workspace]# yum list | grep acme
Repository epel is listed more than once in the configuration

所以我还需要升级一下

sudo yum upgrade python2-acme.noarch

升级完以后检查版本

[root@VM_43_49_centos workspace]# certbot --version
certbot 0.29.1

Remove any explicit references to tls-sni-01 in your renewal configuration:

执行下面的命令

sudo sh -c "sed -i.bak -e 's/^\(pref_challs.*\)tls-sni-01\(.*\)/\1http-01\2/g' /etc/letsencrypt/renewal/*; rm -f /etc/letsencrypt/renewal/*.bak"

Do a full renewal dry run:

sudo certbot renew --dry-run

参考资料

How to stop using TLS-SNI-01 with Certbotopen in new window

stop using TLS-SNI-01 with Certbot

# stop using TLS-SNI-01 with Certbot

# 检查certbot的版本大于0.28

# Remove any explicit references to tls-sni-01 in your renewal configuration:

# Do a full renewal dry run:

# 参考资料

stop using TLS-SNI-01 with Certbot

检查certbot的版本大于0.28

Remove any explicit references to tls-sni-01 in your renewal configuration:

Do a full renewal dry run:

参考资料