Action required: Let's Encrypt certificate renewals, What Domains?

I received the email discussing the ACME TLS-SNI-01 domain validation issue, but it doesn't show which domains it applies to. I've checked them all; I am running certbot versions 23+ on Ubuntu 18.04.1 and one 16.04.5 LTS.

Running the dry run all the challenges show using HTTP-01

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: Various

I ran this command:
apt-cache policy certbot | grep -i Installed

It produced this output:
Installed: 0.28.0-1+ubuntu18.04.1+certbot+4
Installed: 0.23.0-1
Installed: 0.25.0-1+ubuntu16.04.1+certbot+1
Installed: 0.23.0-1

My web server is (include version):
Apache/2.4.29 (Ubuntu)
Apache/2.4.18 (Ubuntu)
Apache/2.4.33 (Ubuntu)

The operating system my web server runs on is (include version): 18.04.1 and one 16.04.5 LTS.

My hosting provider, if applicable, is: AWS & self,

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Hi @Wmcclu

Then you shouldn't have a problem.

Add

--preferred-challenges http

to your command.

Do I need to update all of my scripts to now include this or ran once will apply it for future runs?

You can check your renew files in

/etc/letsencrypt/renewal

Or you can create a cli.ini with preferred-challenges.

https://certbot.eff.org/docs/using.html

What am I looking for in the renewal config files?

Check if there is a standalone authenticator (perhaps a problem) or tls-sni as the validation method.

I agree that it would be very useful to have the domain(s) included in the email. In our case, we haven’t used this validation form for some time, but there would appear to be one needle in the haystack where this must still be scripted.

Having the domain in the email would be very handy for tracking where this older setup is still lurking.

Nothing that'll change my opinion on how great Let's Encrypt is, but maybe something useful for similar changes. :smiley:

One or two of my older domains from when LE first came out show:

Options used in the renewal process

[renewalparams]
authenticator = standalone
account = (xxx)
server = https://acme-v02.api.letsencrypt.org/directory

I went into the cli.ini and added the following per this post:
preferred-challenges = http
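The two checks discussed in this thread, as an added example that is not part of any post above: scan the renewal configs under /etc/letsencrypt/renewal for lineages that still record TLS-SNI-01 or use the standalone authenticator with no challenge preference, and add preferred-challenges = http to cli.ini exactly once. The sample configs and the cli.ini path are constructed for the demo; the assumption that a saved preference appears as pref_challs in the [renewalparams] section is mine, not something the thread states.

```shell
#!/bin/sh
# Added example, not code from the thread: find certbot renewal lineages
# that still rely on TLS-SNI-01 or on the standalone authenticator, and
# make sure cli.ini prefers HTTP-01.
# Assumptions (mine): renewal configs are /etc/letsencrypt/renewal/*.conf,
# the [renewalparams] section holds "authenticator = ..." and, when
# --preferred-challenges was ever saved, "pref_challs = tls-sni-01,".

# renewal_value CONF KEY -> value of KEY inside [renewalparams], or empty
renewal_value() {
    awk -v key="$2" -F' *= *' '
        /^\[/ { section = $1; next }
        section == "[renewalparams]" && $1 == key { print $2; exit }
    ' "$1"
}

# classify_conf CONF -> TLS-SNI (must change), STANDALONE (check), or OK
classify_conf() {
    auth=$(renewal_value "$1" authenticator)
    pref=$(renewal_value "$1" pref_challs)
    case "$pref" in
        *tls-sni*) echo "TLS-SNI" ;;          # explicit TLS-SNI-01 preference
        *) if [ "$auth" = "standalone" ]; then
               echo "STANDALONE"              # no HTTP preference recorded
           else
               echo "OK"
           fi ;;
    esac
}

# scan_renewal_dir DIR -> "<lineage> <verdict>" per config, one per line
scan_renewal_dir() {
    for conf in "$1"/*.conf; do
        [ -f "$conf" ] || continue
        printf '%s %s\n' "$(basename "$conf" .conf)" "$(classify_conf "$conf")"
    done
}

# ensure_http_preference CLI_INI -> appends "preferred-challenges = http"
# only if the file does not already set it (safe to run from every script)
ensure_http_preference() {
    grep -q '^preferred-challenges *= *http' "$1" 2>/dev/null \
        || printf 'preferred-challenges = http\n' >> "$1"
}

# Constructed sample configs (not real lineages) so the script runs offline.
sample_dir=$(mktemp -d)
cat > "$sample_dir/old.example.com.conf" <<'EOF'
# renew_before_expiry = 30 days
version = 0.23.0
cert = /etc/letsencrypt/live/old.example.com/cert.pem

# Options used in the renewal process
[renewalparams]
authenticator = standalone
account = 0123456789abcdef
server = https://acme-v02.api.letsencrypt.org/directory
EOF
cat > "$sample_dir/sni.example.com.conf" <<'EOF'
[renewalparams]
authenticator = apache
pref_challs = tls-sni-01,
account = 0123456789abcdef
EOF
cat > "$sample_dir/new.example.com.conf" <<'EOF'
[renewalparams]
authenticator = apache
installer = apache
account = 0123456789abcdef
EOF

scan_renewal_dir "$sample_dir"
# new.example.com OK
# old.example.com STANDALONE
# sni.example.com TLS-SNI

ensure_http_preference "$sample_dir/cli.ini"
ensure_http_preference "$sample_dir/cli.ini"   # second call adds nothing
```

Point the scan at the real directory (scan_renewal_dir /etc/letsencrypt/renewal) and the cli.ini helper at /etc/letsencrypt/cli.ini to apply it to a live host; any lineage reported as TLS-SNI or STANDALONE is worth confirming with certbot renew --dry-run, which prints the challenge type actually used.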
