Jere's Techblog

Powershell Core installation on Linux

There are several ways to install Powershell on Linux/Max/Windows. The usual way is to download the installer package:

I prefer to add the package repository to the System to keep the installation up2date when you update your linux system/apps.

Microsoft has a very nice Documentation about the Powershell install:

Continue reading...

Linux Change TLS-SNI-01 because TLS-SNI-01 validation is reaching end-of-life

Two days ago I received the mail below.
TLS-SNI-01 will no longer be supported in the future. With this guide I’ll show you how to update the Let’s Encrypt certificate to the new standards. In my concrete example it is a Debian System 9.7 (Stretch) with a Nextcloud (Apache webserver) and certbot.

Your Let’s Encrypt client used ACME TLS-SNI-01 domain validation to issue
a certificate in the past 60 days. Below is a list of names and IP
addresses validated (max of one per account):


TLS-SNI-01 validation is reaching end-of-life. It will stop working
temporarily on February 13th, 2019, and permanently on March 13th, 2019.
Any certificates issued before then will continue to work for 90 days
after their issuance date.

You need to update your ACME client to use an alternative validation
method (HTTP-01, DNS-01 or TLS-ALPN-01) before this date or your
certificate renewals will break and existing certificates will start to

First of all ensure you have certbot version 0.28.0 oder newer installed. Ensure your usig those comnmands with the root/admin user.

 certbot --version || /path/to/certbot-auto --version

If the version is older, use the following link to update Certbot.

Use only the install section of the instructions to update the certbot application. With my Debian example it is the following command:

apt-get install certbot python-certbot-apache -t stretch-backports

Now you have to remove the references to tls-sni-01 in your renewal configuration:

sh -c "sed -i.bak -e 's/^\(pref_challs.*\)tls-sni-01\(.*\)/\1http-01\2/g' /etc/letsencrypt/renewal/*; rm -f /etc/letsencrypt/renewal/*.bak"

To finish, a dry renewal with certbot must be carried out.

certbot renew --dry-run

Here you can find detailed information about Let’s Encrypt update with Certbot.

and with this link you will find general information about the TLS-SNI-01 expiration

Continue reading...