[SAC] Fwd: Action required: Let's Encrypt certificate renewals
Alex M
tech_dev at wildintellect.com
Tue Jan 29 14:09:44 PST 2019
Here's the more specific fix for certbot, in addition to upgrading it's
recommended to remove tls-sni-01 references from certbot configurations.
Commands available on
https://community.letsencrypt.org/t/how-to-stop-using-tls-sni-01-with-certbot/83210
Thanks,
Alex
On 1/29/19 09:30, Alex M wrote:
> Looks like we need to audit all the machines that have LetsEncrypt
> configured and upgrade their certbot versions.
>
> -Alex
>
> -------- Forwarded Message --------
> Subject: Action required: Let's Encrypt certificate renewals
> Date: Tue, 29 Jan 2019 02:09:46 +0000
> From: noreply at letsencrypt.org
> To: sysadmin at osgeo.org
>
> Hello,
>
> Action may be required to prevent your Let's Encrypt certificate renewals
> from breaking.
>
> If you already received a similar e-mail, this one contains updated
> information.
>
> Your Let's Encrypt client used ACME TLS-SNI-01 domain validation to issue
> a certificate in the past 60 days. Below is a list of names and IP
> addresses validated (max of one per account):
>
> grass.osgeo.org (140.211.15.3) on 2018-11-25
>
> TLS-SNI-01 validation is reaching end-of-life. It will stop working
> temporarily on February 13th, 2019, and permanently on March 13th, 2019.
> Any certificates issued before then will continue to work for 90 days
> after their issuance date.
>
> You need to update your ACME client to use an alternative validation
> method (HTTP-01, DNS-01 or TLS-ALPN-01) before this date or your
> certificate renewals will break and existing certificates will start to
> expire.
>
> Our staging environment already has TLS-SNI-01 disabled, so if you'd like
> to test whether your system will work after February 13, you can run
> against staging: https://letsencrypt.org/docs/staging-environment/
>
> If you're a Certbot user, you can find more information here:
> https://community.letsencrypt.org/t/how-to-stop-using-tls-sni-01-with-certbot/83210
>
> Our forum has many threads on this topic. Please search to see if your
> question has been answered, then open a new thread if it has not:
> https://community.letsencrypt.org/
>
> For more information about the TLS-SNI-01 end-of-life please see our API
> announcement:
> https://community.letsencrypt.org/t/february-13-2019-end-of-life-for-all-tls-sni-01-validation-support/74209
>
> Thank you,
> Let's Encrypt Staff
> _______________________________________________
> Sac mailing list
> Sac at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/sac
>
More information about the Sac
mailing list