[Bug 1123345] New: Certbot does not seem ready for TLS-SNI-01 reaching end-of-life
http://bugzilla.opensuse.org/show_bug.cgi?id=1123345

Bug ID: 1123345
Summary: Certbot does not seem ready for TLS-SNI-01 reaching end-of-life
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.0
Hardware: x86-64
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Other
Assignee: bnc-team-screening@forge.provo.novell.com
Reporter: jwagner@computing.dcu.ie
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

Leap 15.0 comes with certbot 0.24.0, which is not ready for TLS-SNI-01 validation reaching end-of-life in 2019Q1 according to https://community.letsencrypt.org/t/how-to-stop-using-tls-sni-01-with-certbo... The package version suffix and the zypper log/history do not suggest that the functionality has been backported recently, and I received a warning e-mail yesterday that I used ACME TLS-SNI-01 domain validation on 2019-01-19 (subject line "Action required: Let's Encrypt certificate renewals"). I use `certbot --apache certonly` for a single virtual domain and call `/usr/bin/certbot renew --quiet` weekly via crontab. Briefly scanning the certbot log for "sni", tls-sni-01 seems to have been used for the renewal on 2019-01-19.

-- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1123345#c1

Jon Brightwell <jon@moozaad.co.uk> changed:
  CC: added jon@moozaad.co.uk

--- Comment #1 from Jon Brightwell <jon@moozaad.co.uk> ---
For clarity, here's the snippet from the email with exact dates.

> TLS-SNI-01 validation is reaching end-of-life. It will stop working temporarily on February 13th, 2019, and permanently on March 13th, 2019. Any certificates issued before then will continue to work for 90 days after their issuance date.
http://bugzilla.opensuse.org/show_bug.cgi?id=1123345#c2

Tomáš Chvátal <tchvatal@suse.com> changed:
  Status: NEW -> IN_PROGRESS
  Assignee: bnc-team-screening@forge.provo.novell.com -> tchvatal@suse.com

--- Comment #2 from Tomáš Chvátal <tchvatal@suse.com> ---
We are already processing an update to 0.30.2 for Leap 15. You can watch the progress here: https://build.opensuse.org/project/show/openSUSE:Maintenance:9546
http://bugzilla.opensuse.org/show_bug.cgi?id=1123345#c3

David Kronlid <david@kronlid.net> changed:
  CC: added david@kronlid.net, tchvatal@suse.com
  Flags: needinfo?(tchvatal@suse.com)

--- Comment #3 from David Kronlid <david@kronlid.net> ---
Is certbot going to get upgraded for Leap 42.3 and for SLES backports too, or is this only going to get fixed for Leap 15.0?
Ansgar Esztermann <aeszter@gwdg.de> changed:
  CC: added aeszter@gwdg.de
http://bugzilla.opensuse.org/show_bug.cgi?id=1123345#c5

Alfred Scherff <alfred@scherff.eu> changed:
  CC: added alfred@scherff.eu

--- Comment #5 from Alfred Scherff <alfred@scherff.eu> ---
Letsencrypt closed TLS-SNI-01 validation on March 13th, 2019. So certbot 0.24.0 is not able to install or renew certs! Update to 0.30.2 is locked!?
http://bugzilla.opensuse.org/show_bug.cgi?id=1123345#c6

--- Comment #6 from Tomáš Chvátal <tchvatal@suse.com> ---
repo-checker wrote about 1 month ago:

  openSUSE_Leap_15.0_Update/x86_64 install check & file conflicts
  found conflict of certbot-0.24.0-lp150.1.4.noarch with python2-certbot-0.30.2-lp150.2.1.noarch:
  - /usr/bin/certbot

^ reason it is stopped. Sadly nobody told me about it until I dug into it myself.

Submission #684875 should fix it.
http://bugzilla.opensuse.org/show_bug.cgi?id=1123345#c7

--- Comment #7 from Tomáš Chvátal <tchvatal@suse.com> ---
(In reply to Tomáš Chvátal from comment #6)
> repo-checker wrote about 1 month ago:
>   openSUSE_Leap_15.0_Update/x86_64 install check & file conflicts
>   found conflict of certbot-0.24.0-lp150.1.4.noarch with python2-certbot-0.30.2-lp150.2.1.noarch:
>   - /usr/bin/certbot
> ^ reason it is stopped. Sadly nobody told me about it until I dug into it myself.
> Submission #684875 should fix it.

Actually, I looked wrongly; it is released. See python2-certbot or python3-certbot: both are at version 0.30.2. If you have the certbot or certbot-python package and do an update, this is what happens:

  The following 13 NEW packages are going to be installed:
    python2-certbot python3-acme python3-certbot python3-configargparse python3-future python3-josepy
    python3-parsedatetime python3-pyRFC3339 python3-pytz python3-requests-toolbelt python3-zope.component
    python3-zope.event python3-zope.interface
  The following 2 packages are going to be REMOVED:
    certbot python-certbot
  13 new packages to install, 2 to remove.
  Overall download size: 2.4 MiB. Already cached: 0 B. After the operation, additional 11.7 MiB will be used.
  Continue? [y/n/...? shows all options] (y):
http://bugzilla.opensuse.org/show_bug.cgi?id=1123345#c8

--- Comment #8 from Alfred Scherff <alfred@scherff.eu> ---
Installing python2-certbot installs certbot 0.30.2. certbot 0.30.2 looks in /etc/letsencrypt/, not in /etc/certbot/ like certbot 0.24.0 did. My workaround is to create a softlink /etc/letsencrypt/ -> /etc/certbot/ so certbot2 will find renewals and also existing certs.
http://bugzilla.opensuse.org/show_bug.cgi?id=1123345#c9

--- Comment #9 from Jon Brightwell <jon@moozaad.co.uk> ---
Also be aware with the changeover that your configs and cron will be renamed to *.rpmsave. Other than that, I had no problems on L15.
http://bugzilla.opensuse.org/show_bug.cgi?id=1123345#c10

--- Comment #10 from Jon Brightwell <jon@moozaad.co.uk> ---
(In reply to Jon Brightwell from comment #9)
> Also be aware with the changeover that your configs and cron will be renamed to *.rpmsave. Other than that, I had no problems on L15.

Correction, this fix suffers from this issue. /etc paths are broken. https://bugzilla.opensuse.org/show_bug.cgi?id=1119619
http://bugzilla.opensuse.org/show_bug.cgi?id=1123345#c11

--- Comment #11 from Joachim Wagner <jwagner@computing.dcu.ie> ---
On my Leap 15.0 system with certbot 0.24.0 (I did not manually switch to python2-certbot as suggested in some comments here), my weekly certbot cronjob renewed my cert on 2019-03-23 without errors. That's after the announced TLS-SNI-01 end-of-life. Reading on https://community.letsencrypt.org/t/tls-sni-01-validation-is-reaching-end-of...

> Certbot 0.23.0 is new enough that it supports HTTP validation, but old enough that it will continue to use TLS-SNI validation by default until Let's Encrypt disables it.

I guess that certbot 0.24.0 automatically switched from using TLS-SNI to some other method when TLS-SNI was no longer accepted by the cert server. This would mean that the previous information from https://community.letsencrypt.org/t/how-to-stop-using-tls-sni-01-with-certbo... that 0.24.0 is too old was wrong and we are fine to keep certbot 0.24.0 (until some other problem emerges). Right?
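The question in the comments above (which challenge type a renewal really used, and whether an old install still prefers tls-sni-01) can be answered from the certbot log and the renewal configs rather than from the version number alone. The following check is an added example, not code from the bug thread or from the certbot project; the log lines and the renewal config are constructed samples, and it assumes certbot's `time:level:module:message` log layout and the `pref_challs` key under `[renewalparams]`.

```python
import re
from typing import Dict, List

# Constructed sample of certbot log lines (not from the bug report); the
# "<type> challenge for <domain>" message is what certbot logs per challenge.
SAMPLE_LOG = """\
2019-01-19 03:15:02,114:INFO:certbot.auth_handler:Performing the following challenges:
2019-01-19 03:15:02,115:INFO:certbot.auth_handler:tls-sni-01 challenge for www.example.org
2019-03-23 03:15:07,201:INFO:certbot.auth_handler:Performing the following challenges:
2019-03-23 03:15:07,202:INFO:certbot.auth_handler:http-01 challenge for www.example.org
"""

# Constructed renewal config in the /etc/letsencrypt/renewal/<name>.conf layout.
SAMPLE_RENEWAL_CONF = """\
archive_dir = /etc/letsencrypt/archive/www.example.org

[renewalparams]
authenticator = apache
installer = apache
pref_challs = tls-sni-01,
"""

CHALLENGE_RE = re.compile(r":(?P<typ>[a-z0-9-]+) challenge for (?P<domain>\S+)$")


def challenges_used(log_text: str) -> Dict[str, List[str]]:
    """Map each domain to the challenge types seen in the log, oldest first."""
    seen: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        m = CHALLENGE_RE.search(line)
        if m:
            seen.setdefault(m.group("domain"), []).append(m.group("typ"))
    return seen


def last_challenge(log_text: str, domain: str) -> str:
    """Challenge type of the most recent renewal of `domain`, or '' if none logged."""
    return challenges_used(log_text).get(domain, [""])[-1]


def pinned_tls_sni(conf_text: str) -> bool:
    """True if [renewalparams] pref_challs still lists tls-sni-01 (config needs editing)."""
    in_params = False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_params = line == "[renewalparams]"
            continue
        if in_params and line.startswith("pref_challs"):
            challs = [c.strip() for c in line.partition("=")[2].split(",")]
            return "tls-sni-01" in challs
    return False
```

On a real host, point the functions at /var/log/letsencrypt/letsencrypt.log and each /etc/letsencrypt/renewal/*.conf; a renewal that still logs tls-sni-01, or a config where pinned_tls_sni() is true, is the one to fix before the next cron run.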
Javier Llorente <javier@opensuse.org> changed:
  CC: added javier@opensuse.org