I recently received the following email from Let's Encrypt, about one of my servers not managed by i-MSCP:
Action required: Let's Encrypt certificate renewals
Action may be required to prevent your Let's Encrypt certificate renewals
If you already received a similar e-mail, this one contains updated
Your Let's Encrypt client used ACME TLS-SNI-01 domain validation to issue
a certificate in the past 60 days. Below is a list of names and IP
addresses validated (max of one per account):
TLS-SNI-01 validation is reaching end-of-life. It will stop working
temporarily on February 13th, 2019, and permanently on March 13th, 2019.
Any certificates issued before then will continue to work for 90 days
after their issuance date.
You need to update your ACME client to use an alternative validation
method (HTTP-01, DNS-01 or TLS-ALPN-01) before this date or your
certificate renewals will break and existing certificates will start to
Our staging environment already has TLS-SNI-01 disabled, so if you'd like
to test whether your system will work after February 13, you can run
against staging: https://letsencrypt.org/docs/staging-environment/
If you're a Certbot user, you can find more information here:
Our forum has many threads on this topic. Please search to see if your
question has been answered, then open a new thread if it has not:
For more information about the TLS-SNI-01 end-of-life please see our API
Let's Encrypt Staff
The linked article about certbot very strongly suggests that the minimum certbot version should be at least 0.28.0, and the latest version of certbot is in fact 0.30.2.
However, the version installed by the Let's Encrypt plugin is 0.26.1.
I realize that i-MSCP already uses the http-01 challenge, so the tls-sni-01 deprecation does not affect my i-MSCP server in that way. But I wanted to ask if it would make sense to update certbot to the newest version manually, or if maybe a new version of the LE plugin that includes the latest certbot is on the horizon anyway.
Thanks in advance for your help.