Bug ID 1123345
Summary Certbot does not seem ready for TLS-SNI-01 reaching end-of-life
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.0
Hardware x86-64
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Other
Assignee bnc-team-screening@forge.provo.novell.com
Reporter jwagner@computing.dcu.ie
QA Contact qa-bugs@suse.de
Found By ---
Blocker --- 

Leap 15.0 comes with certbot 0.24.0, which is not ready for TLS-SNI-01
validation reaching end-of-life in 2019Q1 according to
https://community.letsencrypt.org/t/how-to-stop-using-tls-sni-01-with-certbot/83210

Package version suffix and zypper log/history does not suggest that
functionality has been backported recently and I received a warning e-mail
yesterday that I used ACME TLS-SNI-01 domain validation on 2019-01-19 (subject
line "Action required: Let's Encrypt certificate renewals").

I use `certbot --apache certonly` for a single virtual domain and call
`/usr/bin/certbot renew --quiet` weekly via crontab.

Briefly scanning the certbot log for "sni", tls-sni-01 seems to have been used
for the renewal on 2019-01-19.

You are receiving this mail because: