Copyediting suggestion


#1

Regarding the closed thread by @bmw: How to stop using TLS-SNI-01 with Certbot

If the dry run succeeds, and your Certbot version is 0.28 or higher, you’re good to go! If it fails, fix the validation problems you see and try again.

The clause “good to go” doesn’t communicate what the audience should expect / do. I’m inferring that it means:

Interpretation 1:

If the dry run succeeds, and your Certbot version is 0.28 or higher, when we retire TLS-SNI-01, things will keep working automatically, no further action required on your part!

But there’s, I think, decent reason to think that it might mean:

Interpretation 2:

If the dry run succeeds, and your Certbot version is 0.28 or higher, you should run this same command again, but without the --dry-run flag, as soon as possible after the announced date of end of life for TLS-SNI-01. Presently this is targeted for $DATE.

Or it might mean:

Interpretation 3:

If the dry run succeeds, and your Certbot version is 0.28 or higher, you should run this same command again, but without the --dry-run flag.

Could the text be clarified? It’s naturally to want to be positive, upbeat, and terse with “good to go” but, given that we’re in a security context, I’d appreciate the extra precision so as to avoid any bumps in the road.

Thanks,

Steven


#2

Hi @sgharms

my personal position: It’s impossible to say: “Hey, now it will work”.

Reason: There are so much buggy or “untypical” configurations, that every test doesn’t count.

A test ist always a test, nothing else.

The only thing that’s really works: Wait and check, if your productive certificates are renewed.

If not, check it again.


#3

I added a sentence to @bmw’s post that indicates that interpretation 1 is the intended one.