FYI, we’ll begin sending these e-mails tomorrow to Let’s Encrypt subscribers who might have problems with our new validation from multiple vantage points, according to our testing and log analysis.
It’s not feasible for us to include client IPs and sample FQDNs in this batch of e-mails, unfortunately. I’m hopeful that most subscribers with multi-VA incompatible setups are advanced enough to locate affected clients based on their registration ID.
Starting Feb. 19, 2020, Let’s Encrypt began making multiple domain validation requests from diverse network vantage points. More info here: ACME v1/v2: Validating challenges from multiple network vantage points
We are excited to be able to turn on this feature with little to no interference with your integration. We expect this feature to affect less than 1% of all domain validations from the Let’s Encrypt certificate authority. That’s better security, by default, for you and your customers.
Your ACME account ID [id] may have some errors and failed validations due to the multiple vantage point validation feature. We suggest you monitor your implementation when the feature is turned on and make any fixes necessary.
The best way to test compatibility for this feature is to perform test issuances in our staging environment where the new requirement is already enabled: https://letsencrypt.org/docs/staging-environment/
If you need extra time to work on getting your integration ready for multiple vantage point validation, we will have an exception list available through June 1, 2020: https://forms.gle/9QN7dxALJVAoRjMKA
This exception list is temporary. After June 1, 2020, you will be using the multiple vantage point feature and may experience increased domain validation failure rates unless you take action to ensure compatibility.
Our expert community, including Let’s Encrypt staff and many client developers, monitor our community forum and are available to help if you get stuck. https://community.letsencrypt.org/
The best way to keep up-to-date on this new feature (and all API-related Let’s Encrypt announcements) is to subscribe to our API announcements by clicking the bell in the top right corner of this page: https://community.letsencrypt.org/c/api-announcements/
The Let’s Encrypt Team