LetsEncrypt canceled one of the ways to check the domain

5 февраля 2019 370 Просмотров

LetsEncrypt announced about deprecation of one of the ways to check the domain, namely ACME TLS-SNI-01 due to a serious vulnerability.

In other words, if your website renewed the certificate using the ACME TLS-SNI-01, then from February 13, 2019 this method will be temporarily unavailable, and from March 13, 2019 will be disabled permanently. All certificates issued up to this point will be valid for 90 days.

What should you do to update the certificate successfully? You need to update the ACME client and choose the verification method to use (HTTP-01, DNS-01 or TLS-ALPN-01).

If you are using certbot, you need to check its version:

# certbot --version
certbot 0.26.1

If you have a version below 0.28, then you need to update certbot, if you have 0.28 or higher, you do not need to do anything.

You can run the check, just in case:

#certbot renew --dry-run

For more information, you can read on the certbot official page.

Free Let's Encrypt SSL-certificates for shared hosting