Package: certbot
Version: 0.10.2-1
Followup-For: Bug #919933

Hello,

the problem is that "TLS-SNI-01" is not supported anymore:
https://community.letsencrypt.org/t/february-13-2019-end-of-life-for-all-tls-sni-01-validation-support/74209

the successor "TLS-ALPN-01" was only introduced last summer, July 2018:
https://community.letsencrypt.org/t/tls-alpn-validation-method/63814/2

all of the letsencrypt clients found on
https://wiki.debian.org/LetsEncrypt are the latest from 2017,
none of them implement TLS-ALPN-01.

So very soon all the certificates generated using these methods will be
invalidated (i.e. expired).
In my opinion this is a security issue for the stable distribution; a client
(e.g. certbot) which supports "TLS-ALPN-01" should be updated in stable.

Workaround: use the backport version

hth,
Wim

-- System Information:
Debian Release: 9.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-8-amd64 (SMP w/3 CPU cores)
Locale: LANG=nl_BE.UTF-8, LC_CTYPE=nl_BE.UTF-8 (charmap=UTF-8), LANGUAGE=nl_BE:nl (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages certbot depends on:
ii  init-system-helpers  1.48
ii  python               2.7.13-2
ii  python-certbot       0.10.2-1

certbot recommends no packages.

Versions of packages certbot suggests:
ii  python-certbot-apache  0.10.2-1
pn  python-certbot-doc     <none>

-- no debconf information
