Mail about TLS-SNI-01 end of life

letsdebug · January 18, 2019, 10:14am

Hello,
I just received the mail about TLS-SNI-01 end of life.

I use Let’s Encrypt on Plesk servers; Plesk knowledge base says they never used TLS-SNI-01: https://talk.plesk.com/threads/lets-encrypt-issue-with-tls-sni-01.346524/

At this point I’m really confused… I have lots of server and lots of domains; is there any way to know which domains the mail refers to?

Thanks in advance.

JuergenAuer · January 18, 2019, 10:37am

Hi @letsdebug

if you don't use tls-sni-01 - validation, ignore the mail.

http-01 / dns-01 works.

gmx · January 18, 2019, 11:01am

We received the same email but I honestly am not sure whether we’ve ever used TLS-SNI-01 or not. We use certbot on CentOS 7 - what is the default method of auth please?

Thanks

JuergenAuer · January 18, 2019, 11:06am

That depends on your certbot version (old: tls-sni was standard) and your config.

Check your config / renew files. “standalone” and “tls-sni” is critical.

gmx · January 18, 2019, 12:36pm

So presumably the version in the RHEL7 repos is up to date? In which case presumably I can just update certbot from there?

_az · January 18, 2019, 12:38pm

To get up-to-date Certbot on EL7 and its derivatives, you need to install it from EPEL, as shown here: https://certbot.eff.org/lets-encrypt/centosrhel7-other

The RHEL repos themselves may sport a non-current version.

What’s important to you is for Certbot to be 0.28 or higher:

certbot --version

system · February 17, 2019, 12:38pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.