Bug ID | 1123345 |
---|---|
Summary | Certbot does not seem ready for TLS-SNI-01 reaching end-of-life |
Classification | openSUSE |
Product | openSUSE Distribution |
Version | Leap 15.0 |
Hardware | x86-64 |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Other |
Assignee | bnc-team-screening@forge.provo.novell.com |
Reporter | jwagner@computing.dcu.ie |
QA Contact | qa-bugs@suse.de |
Found By | --- |
Blocker | --- |
Leap 15.0 comes with certbot 0.24.0, which is not ready for TLS-SNI-01 validation reaching end-of-life in 2019Q1 according to https://community.letsencrypt.org/t/how-to-stop-using-tls-sni-01-with-certbot/83210

The package version suffix and zypper log/history do not suggest that functionality has been backported recently, and I received a warning e-mail yesterday that I used ACME TLS-SNI-01 domain validation on 2019-01-19 (subject line "Action required: Let's Encrypt certificate renewals").

I use `certbot --apache certonly` for a single virtual domain and call `/usr/bin/certbot renew --quiet` weekly via crontab. Briefly scanning the certbot log for "sni", tls-sni-01 seems to have been used for the renewal on 2019-01-19.