[Admin] Action required: Let's Encrypt certificate renewals


Action may be required to prevent your Let's Encrypt certificate renewals from

If you already received a similar e-mail, this one contains updated information.

Your Let's Encrypt client used ACME TLS-SNI-01 domain validation to issue a
certificate in the past 3 days. Below is a list of names and IP addresses
validated (max of one per account):

www.ffnw.de (2a01:4f8:192:832b:3::slight_smile: on 2019-03-13

TLS-SNI-01 validation has reached end-of-life. It stopped working permanently
on March 13th, 2019. Any certificates issued before then will continue to work
for 90 days after their issuance date.

You need to update your ACME client to use an alternative validation method
(HTTP-01, DNS-01 or TLS-ALPN-01) or your certificate renewals will break and
existing certificates will start to expire.

If you'd like to test whether your system is still working, you can run
against staging: https://letsencrypt.org/docs/staging-environment/

If you're a Certbot user, you can find more information here:

Our forum has many threads on this topic. Please search to see if your question
has been answered, then open a new thread if it has not:

For more information about the TLS-SNI-01 end-of-life, please see our API

Thank you,
Let's Encrypt Staff