I work at EFF and am an upstream developer of Certbot. This issue has jumped in priority now that TLS-SNI support will be dropped on February 13th, 2019. See https://community.letsencrypt.org/t/february-13-2019-end-of-life-for-all-tls-sni-01-validation-support/74209.

While the TLS-SNI challenge was initially disabled over 10 months ago, an exception had been made for people renewing certificates they had previously obtained using the challenge. This exception is going away on the above date. This means that unless users manually intervene or are upgraded to a new version, certificate renewal will fail.

I pulled some numbers on this a couple of months ago and found that there were nearly 10,000 unique Ubuntu 16.04 installations that were relying on this exception. This is for over 18,000 certificates covering over 30,000 domains. I certainly would like to avoid having all of these renewals fail.

It's worth noting that the package that actually needs to be upgraded here is the python-letsencrypt-apache package. However, for this package to be upgraded to a newer version, python-letsencrypt will need to be as well, as the packages were being released in lockstep.

Please let me know if there's anything I can do to make this upgrade happen.

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1745126

Title:
  Let's Encrypt has permanently disabled TLS-SNI challenge. Package not compatible any more with LE