Let's Encrypt will no longer be offering the "simpleHttp" and "dvsni"
challenges as of Thursday, November 18.  If your client depends on
these challenges, you will need to update to the "http-01" or
"tls-sni-01" challenges by that date, or your client will no longer
work.  The current version of the official Let's Encrypt client
supports the new challenges.

This change is required because these older challenges have a
signature reuse vulnerability, reported on the IETF ACME list by
Andrew Ayer several weeks ago.

Also, please note: The "tls-sni-01" challenge currently offered by
Let's Encrypt is currently not compatible with the "tls-sni-01"
challenge defined in draft-ietf-acme-acme-01.  It lacks the "n"
parameter.  This is a known issue, and will be resolved once the IETF
ACME working group decides whether to keep the "n" parameter.

-- 
Josh Aas
Executive Director
Internet Security Research Group

_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
