Over the next 48 hours we will be building a list of vulnerable providers and their associated IP addresses. Our tentative plan, once the list is completed, is to re-enable the TLS-SNI-01 challenge type with vulnerable providers blocked from using it.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer apache
Running pre-hook command: systemctl stop apache2
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for cloud.hixfamily.us
http-01 challenge for cloud.hixfamilyreunion.com
http-01 challenge for www.hixfamily.us
http-01 challenge for www.hixfamliyreunion.com
Waiting for verification…
Cleaning up challenges
Running post-hook command: systemctl start apache2
Failed authorization procedure. www.hixfamliyreunion.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up A for www.hixfamliyreunion.com
I checked each one is going to the apache start page… so DNS is working as expected.
Hope I did not hijack the thread. Let me know and I will move this to a new topic.
I noticed the liy instead of ily … corrected and it ran as expected. Sorry for the confusion
I appreciate there is a straightforward work around, and I also understand the security vulnerability as well as the importance of maintaining your ability to issue certificates.
However we’ve already deployed certbot with auto renewal across dozens of environments and hundreds of sites – do you recommend we switch everything over now or is there going to be an anticipated fix to restore original functionality?