Letsencrypt: End-of-Life for All TLS-SNI-01 Validation Support

NethServer Version: 7.6
Module: Server certificate
Recently I receive an email from Letsencrypt expressing February 13, 2019: End-of-Life for All TLS-SNI-01 Validation Support

Not sure how I can check whether my current NethServer is using TLS-SNI-01 Validation Support and how to change to the “TLS-ALPN-01” method …
Appreciate assistance…

If you used the server manager to get your cert, it shouldn’t be using this validation method; it’d be using http-01 instead. To confirm, you can look in /etc/letsencrypt/renewal/*.conf for the renewal configuration file for your domain. The line that says pref_challs = will specify which challenge is being used–most likely, it will say http-01.

Edit: See also:


The conf file I have does not show " pref_challs =" in the file… shall I add it ?

----------Below is the details of my conf file -------

# renew_before_expiry = 30 days
version = 0.27.1
cert = /etc/letsencrypt/live/xxx.yyy.com/cert.pem
privkey = /etc/letsencrypt/live/xxx.yyy.com/privkey.pem
chain = /etc/letsencrypt/live/xxx.yyy.com/chain.pem
fullchain = /etc/letsencrypt/live/xxx.yyy.com/fullchain.pem
archive_dir = /etc/letsencrypt/archive/xxx.yyy.com

# Options used in the renewal process
authenticator = apache
account = ef1....................2c
server = https://acme-v02.api.letsencrypt.org/directory

No, that’s not necessary.

1 Like