Upgrade to 0.40 has no certificates

The new version installs apparently successfully on the newly imaged server. But there are no certificates for the “virtual” domains and the certificate for the main domain is not accepted by my android mail client, nor by firefox.

In the previous version, I recollect it was possible to force certbot to provision certificates from the system admin, but I can find no way now to do so.

The status report states ‘The domain name does not resolve to this machine: [Not Set] (A), [Not Set] (AAAA).’ but this should not be so since the box should have set up the DNS correctly – exactly as it has been for the last year or more.

I suppose (hope) that the incorrect dns reports will self-correct after some number of hours, but…

  1. Should I try to run certbot from the cli, or would that mess with the automatic provisioning?

  2. what can I do about the main domain certificate being rejected by clients?

Right now, from the status report comments you are waiting on DNS … did your server retain the IP address or were you forced to change it?

You are right. the DNS has self corrected. I can’t see why it initially failed, as the IP was unchanged - I just re-imaged the cloud server, so the whole process would have taken less than half an hour were it not for the separate problem I had with restoring the backup.

Anyway, I imagine the certificates issue may be sorted overnight by miab robots. But it is a pity there has to be such a long gap in service for the upgrade.

Can you check … are you able to go to the TLS (SSL) Certificates page in the admin area and manually provision a certificate now?

Yes! The button for “provision certificate” is now there and I have successfully provisioned it.