Laravel Forge - LetsEncrypt Certificates Failing to Renew

LetsEncrypt have updated their challenges, and renewals using the TLS-SNI-01 challenge will fail. You'll need to upgrade certbot/LetsEncrypt to use HTTP-01 challenges instead and manually reissue your certificates.

~

When LetsEncrypt arrived a few years ago, it definitely had one of the largest impacts on the web in living memory. Suddenly everyone could have SSL for their website with minimal effort.

Over time, systems like LetsEncrypt have to change the way they work for operational and security reasons. One of these recent changes means that your existing issued certificates may cease to renew. The reason is that the TLS-SNI-01 challenge has been revoked.

You can see plenty of posts around the web discussing the change and the fix isn’t too painful to implement.

For Laravel Forge and other Ubuntu 16 compatible systems, you can run the following commands to upgrade your version of certbot and get back to issuing your certificates:

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot python3-certbot-nginx

Then run certbot and it’ll prompt you with a list of your sites to update:

A screenshot of Certbot

From there you’ll be able to issue certificates as normal and auto-renewals should succeed.
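
To confirm the upgrade took effect before the next renewal window, the following added example (not part of the original post) checks the installed certbot version and lists any renewal configs that still pin the old challenge. It assumes certbot's default renewal directory `/etc/letsencrypt/renewal`, that a pinned lineage carries a `pref_challs` line naming `tls-sni-01`, and a minimum version of 0.28.0, which comes from Let's Encrypt's TLS-SNI-01 end-of-life guidance rather than from this page.

```shell
#!/bin/sh
# Added example: audit certbot after the upgrade. Function names are illustrative.
# Assumption: 0.28.0 is the first certbot release whose nginx/apache plugins
# use HTTP-01 (per Let's Encrypt's guidance, not stated on this page).
MIN_CERTBOT="0.28.0"

# version_at_least HAVE WANT -> exit 0 when HAVE >= WANT (three-part dotted versions)
version_at_least() {
    lowest=$(printf '%s\n%s\n' "$2" "$1" | sort -t. -k1,1n -k2,2n -k3,3n | head -n1)
    [ "$lowest" = "$2" ]
}

# tls_sni_lineages [DIR] -> prints each lineage whose renewal config pins tls-sni-01
tls_sni_lineages() {
    dir=${1:-/etc/letsencrypt/renewal}   # assumed default location
    for conf in "$dir"/*.conf; do
        [ -f "$conf" ] || continue       # glob matched nothing
        if grep -Eq '^[[:space:]]*pref_challs[[:space:]]*=.*tls-sni-01' "$conf"; then
            basename "$conf" .conf
        fi
    done
}

# certbot_audit -> human-readable report; run as root so the configs are readable
certbot_audit() {
    # Older certbot releases print the version on stderr, hence 2>&1.
    have=$(certbot --version 2>&1 | awk '{print $2}')
    if version_at_least "$have" "$MIN_CERTBOT"; then
        echo "certbot $have: new enough for HTTP-01"
    else
        echo "certbot $have: older than $MIN_CERTBOT, upgrade first"
    fi
    pinned=$(tls_sni_lineages)
    if [ -n "$pinned" ]; then
        echo "lineages still pinned to tls-sni-01 (reissue these):"
        echo "$pinned"
    else
        echo "no renewal config pins tls-sni-01"
    fi
}

# Run the report only when asked, e.g.: sudo sh audit.sh audit
if [ "${1:-}" = "audit" ]; then
    certbot_audit
fi
```

Once the report is clean, `sudo certbot renew --dry-run` exercises the renewal path against the staging environment without replacing any certificate.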