What's the status on TLS-SNI-01 challenge


#1

I would like to use Let’s Encrypt for my Nextcloud server. Unfortunately, to the best of my knowledge, the TLS-SNI-01 challenge is still on hold while the security issues are resolved. What’s the status on this? I’m currently using a self-signed certificate, which is kind of a pain when I’m sharing files with non-technical people (who freak out when their browser yells at them). My ISP blocks port 80, so I’m kind of screwed when it comes to using Let’s Encrypt.


#2

Hi @fpernice518

The tls-sni-01 challenge is deprecated. Support ends 2019-02-13.

PS: You can use dns-01 validation.


#3

Let’s Encrypt supports the newer TLS-ALPN-01 challenge type on port 443, but not many clients support it yet.


#4

If you need one, see this recent discussion: Which client support tls-alpn challenge?


#5

Might I suggest that Let’s Encrypt update their server error message to mention recent changes/deprecations? Our challenges started failing recently due to Certbot now preferring http-01 over tls-sni-01. That switch was invisible to us, leading us to think that something had changed on our end.

Just a thought.

