back to article Get in the bin: Let's Encrypt gives admins until February 13 to switch off TLS-SNI-01

If you're still using TLS-SNI-01, stop: a year after a slip-up allowed miscreants to claim Let's Encrypt certificates for domains they didn't own, the free certificate authority has announced the final sunset of the protocol involved. In January 2018, Let's Encrypt discovered that validation based on TLS-SNI-01 and its planned …

  1. Locky

    Valentines will be nice

    Roses are red

    Violets are blue

    The website is down

    Should have used TLS 1.2

  2. Len
    Paris Hilton

    Proof of ownership

    Do I understand it correctly that this was basically a flaw in the process to prove to LE that you were the legitimate owner of the domain you requested a cert for? And it has now deprecated that process leaving the only other way to prove ownership via a DNS record?

    1. nil0

      Re: Proof of ownership

      It should say DNS-01 or HTTP-01; the latter is working for me without any DNS mucking about.

    2. tialaramex

      Re: Proof of ownership

      tls-sni-01 was Let's Encrypt's implementation of one of the Ten Blessed Methods authorized for proving you control a DNS name to a Certificate Authority, specifically method 3.2.2.4.10. TLS Using a Random Number

      They also offered dns-01, an implementation of method 3.2.2.4.7 DNS Change and http-01, an implementation of method 3.2.2.4.6 Agreed‐Upon Change to Website. Those are unchanged, they still work, if you're using either of them everything remains as before. Most Let's Encrypt users are using one or the other of these methods.

      But tls-sni-01 is a problem because it can be tricked by sufficiently half-arsed bulk hosting or service provider setups into letting a bad guy have certificates for somebody else's names (see linked example in article). So, various smart people invented a new implementation of 3.2.2.4.10 called tls-alpn-01 which you can use instead of tls-sni-01 and isn't tricked by such mis-configuration. Let's Encrypt offers this today, and will continue to offer it after tls-sni-01 is forbidden.

      If you have email setup for your Let's Encrypt certs, and didn't get warnings about this, you're fine. If you have warning emails, and you understand what you're doing, switch to either tls-alpn-01, or dns-01 or http-01 as appropriate. If you got warning emails and you don't understand what you're doing you're going to need somebody to help fix it for you or your certificates may expire in the next three months or so and not get replaced.

  3. PyLETS

    Got the email, fixed it

    I was emailed by LETSEncrypt to say that I was using the old protocol. This was the case on a Debian stable (stretch) server. Putting the new client just needed adding the backports repository to /etc/apt/sources.list and installing the backported certbot package over the outdated one in the main stretch repository. That's why for some purposes you should give an email address to those upon whose software and services you depend.

    1. Spazturtle Silver badge

      Re: Got the email, fixed it

      >That's why for some purposes you should give an email address to those upon whose software and services you depend.

      Your email address should be in the DNS CAA record of your site anyway.

    2. Phil Endecott

      Re: Got the email, fixed it

      > Debian stable

      Yes, I also run Debian stable and got the email, so upgraded certbot to the version in backports (0.25 to 0.28 I think). But I’m not entirely confident that it has fixed the problem, i.e. that it will now use a different method, because I don’t have any certs that will expire before the Feb cut-off. An earlier email would have helped I guess. Are you confident that simply upgrading certbot to the backports version is sufficient to fix it, without e.g. any config changes?

      1. Stuart 22

        Re: Got the email, fixed it

        No email which is good news but obviously I shouldn't assume I'm in the clear.

        I presume I can wait till February 13th and carefully monitor the renewals thereafter (I have a nice little script for that). If I get a failure I assume I still have 30 days to fix the problem (mine auto-renew 60 days into the 90 day validity).

  4. john.jones.name

    so you can validate via DNS...

    but you do NOT have to have DNSSEC...

    some PKI scheme you have there...

    1. Lee D Silver badge

      Re: so you can validate via DNS...

      How is that different from any other SSL certificate provider?

      1. muhfugen

        Re: so you can validate via DNS...

        "How is that different from any other SSL certificate provider?"

        https://en.wikipedia.org/wiki/Extended_Validation_Certificate

  5. Norbie

    Too many LE devices, no clue as to which need updating

    It would be helpful if the Let's Encrypt email that I have received informing me that I have a Let's Encrypt client that used ACME TLS-SNI-01 domain validation to issue a certificate in the past 60 days, told me what the hostname was so I had a chance of discovering which of the many servers / devices that I have LE implemented on is affected!

    1. Dan 55 Silver badge

      Re: Too many LE devices, no clue as to which need updating

      Shouldn't you have an Excel spreadsheet set up with that info at the very least?

  6. Anonymous Coward
    Anonymous Coward

    All my domains are already TLS 1.3 only. Obviously, you need to know your user base before disabling TLS 1.2 or 1.1.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon