{"id":1206,"date":"2019-01-28T15:59:43","date_gmt":"2019-01-28T06:59:43","guid":{"rendered":"https:\/\/aoboshi.org\/?p=1206"},"modified":"2019-05-06T14:01:08","modified_gmt":"2019-05-06T05:01:08","slug":"lets-encrypt%e3%81%aetls-sni-01%e7%b5%82%e4%ba%86%e5%af%be%e5%bf%9c","status":"publish","type":"post","link":"https:\/\/aoboshi.org\/?p=1206","title":{"rendered":"Let\u2019s Encrypt\u306eTLS-SNI-01\u7d42\u4e86\u5bfe\u5fdc"},"content":{"rendered":"\n

\u672c\u65e5Let\u2019s Encrypt\u304b\u3089\u30e1\u30fc\u30eb\u304c\u6765\u307e\u3057\u305f\u3002<\/p>\n\n\n\n

Action required: Let’s Encrypt certificate renewals<\/p>

<\/p>

Hello,<\/p>

Action may be required to prevent your Let’s Encrypt certificate renewals
from breaking.<\/p>

If you already received a similar e-mail, this one contains updated
information.<\/p>

Your Let’s Encrypt client used ACME TLS-SNI-01 domain validation to issue
a certificate in the past 60 days. Below is a list of names and IP
addresses validated (max of one per account):<\/p>

aoboshi.org<\/a> (35.230.123.50) on 2019-01-18<\/p>

TLS-SNI-01 validation is reaching end-of-life. It will stop working
temporarily on February 13th, 2019, and permanently on March 13th, 2019.
Any certificates issued before then will continue to work for 90 days
after their issuance date.<\/p>

You need to update your ACME client to use an alternative validation
method (HTTP-01, DNS-01 or TLS-ALPN-01) before this date or your
certificate renewals will break and existing certificates will start to
expire.<\/p>

Our staging environment already has TLS-SNI-01 disabled, so if you’d like
to test whether your system will work after February 13, you can run
against staging: https:\/\/letsencrypt.org\/docs\/staging-environment\/<\/a><\/p>

If you’re a Certbot user, you can find more information here:
https:\/\/community.letsencrypt.org\/t\/how-to-stop-using-tls-sni-01-with-certbot\/83210<\/a><\/p>

Our forum has many threads on this topic. Please search to see if your
question has been answered, then open a new thread if it has not:
https:\/\/community.letsencrypt.org\/<\/a><\/p>

For more information about the TLS-SNI-01 end-of-life please see our API
announcement:
https:\/\/community.letsencrypt.org\/t\/february-13-2019-end-of-life-for-all-tls-sni-01-validation-support\/74209<\/a><\/p>

Thank you,
Let’s Encrypt Staff
<\/p><\/blockquote>\n\n\n\n

\u306a\u3093\u3060\u3068\u601d\u3063\u3066\u8abf\u3079\u305f\u3089\u3001\u30c9\u30e1\u30a4\u30f3\u691c\u8a3c\u65b9\u5f0f\uff62TLS-SNI-01\uff63\u306b\u8106\u5f31\u6027\u304c\u898b\u3064\u304b\u308a\u30012\u670813\u65e5\u3092\u3082\u3063\u3066\u305d\u306e\u65b9\u5f0f\u3092\u4f7f\u7528\u3067\u304d\u306a\u304f\u3059\u308b\u306e\u3067\u300160\u65e5\u4ee5\u5185\u306b\u305d\u306e\u65b9\u5f0f\u3067SSL\u8a3c\u660e\u66f8\u306e\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u3092\u3057\u3066\u3044\u305f\u30e6\u30fc\u30b6\u306b\u5bfe\u3057\u3066\u5225\u65b9\u5f0f\u3092\u4f7f\u7528\u3059\u308b\u3088\u3046\u8b66\u544a\u304c\u7740\u305f\u3088\u3046\u3067\u3057\u305f\u3002<\/p>\n\n\n\n

Let’s Encrypt\u306e\u7ba1\u7406\u30d7\u30ed\u30b0\u30e9\u30e0\u300ccertbot\u300d\u30920.28\u4ee5\u4e0a\u306b\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u3059\u308c\u3070\u3044\u3044\u3089\u3057\u3044\u306e\u3067\u3001\u78ba\u8a8d\u3092\u3057\u305f\u3068\u3053\u308d\u3001<\/p>\n\n\n\n

root@wordpress-vm:~# certbot –version<\/strong><\/p>

certbot 0.10.2<\/strong><\/p>

root@wordpress-vm:~#<\/p><\/blockquote>\n\n\n\n

\u3068\u53e4\u304b\u3063\u305f\u306e\u3067\u300capt-get dist-upgrade\u300d\u3067\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u3057\u3001(dist-\u3092\u3064\u3051\u306a\u3044\u3068\u300cThe following packages have been kept back:\u300d\u3067\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u3055\u308c\u306a\u3044)<\/p>\n\n\n\n

root@wordpress-vm:~# certbot –version<\/strong><\/p>

certbot 0.28.0<\/strong><\/p>

root@wordpress-vm:~# <\/p><\/blockquote>\n\n\n\n

\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u3055\u308c\u307e\u3057\u305f\u3002<\/p>\n\n\n\n

\u305d\u306e\u5f8cApache\u3092\u843d\u3068\u3057\u3066\u3001\u8a3c\u660e\u66f8\u306e\u66f4\u65b0\u304c\u51fa\u6765\u308b\u304b\u3092\u8a66\u3057\u305f\u3068\u3053\u308d\u3001<\/p>\n\n\n\n

 root@wordpress-vm:~# certbot renew –dry-run –preferred-challenges http<\/strong><\/p>

Saving debug log to \/var\/log\/letsencrypt\/letsencrypt.log<\/p>

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –<\/p>

Processing \/etc\/letsencrypt\/renewal\/aoboshi.org.conf<\/p>

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –<\/p>

Cert not due for renewal, but simulating renewal for dry run<\/p>

Plugins selected: Authenticator standalone, Installer apache<\/p>

Renewing an existing certificate<\/p>

Performing the following challenges:<\/p>

http-01 challenge for aoboshi.org<\/p>

Waiting for verification…<\/p>

Cleaning up challenges<\/p>

 – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –<\/p>

new certificate deployed with reload of apache server; fullchain is<\/p>

\/etc\/letsencrypt\/live\/aoboshi.org\/fullchain.pem<\/p>

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –<\/p>

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –<\/p>

Processing \/etc\/letsencrypt\/renewal\/www.aoboshi.org.conf<\/p>

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –<\/p>

Cert not due for renewal, but simulating renewal for dry run<\/p>

Plugins selected: Authenticator webroot, Installer None<\/p>

Renewing an existing certificate<\/p>

Performing the following challenges:<\/p>

http-01 challenge for www.aoboshi.org<\/p>

Waiting for verification…<\/p>

Cleaning up challenges<\/p>

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –<\/p>

new certificate deployed without reload, fullchain is<\/p>

\/etc\/letsencrypt\/live\/www.aoboshi.org\/fullchain.pem<\/p>

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –<\/p>

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –<\/p>

** DRY RUN: simulating ‘certbot renew’ close to cert expiry<\/p>

**          (The test certificates below have not been saved.)<\/p>

Congratulations, all renewals succeeded. The following certs have been renewed:<\/strong><\/p>

  \/etc\/letsencrypt\/live\/aoboshi.org\/fullchain.pem (success)<\/p>

  \/etc\/letsencrypt\/live\/www.aoboshi.org\/fullchain.pem (success)<\/p>

** DRY RUN: simulating ‘certbot renew’ close to cert expiry<\/p>

**          (The test certificates above have not been saved.)<\/p>

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –<\/p><\/blockquote>\n\n\n\n

\u6b63\u5e38\u306b\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u3067\u304d\u308b\u7d50\u679c\u306b\u306a\u308a\u307e\u3057\u305f\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"

\u672c\u65e5Let\u2019s Encrypt\u304b\u3089\u30e1\u30fc\u30eb\u304c\u6765\u307e\u3057\u305f\u3002 Action required: Let’s Encrypt certificate renewals Hello, Action may be requ […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-1206","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/aoboshi.org\/index.php?rest_route=\/wp\/v2\/posts\/1206","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aoboshi.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aoboshi.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aoboshi.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/aoboshi.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1206"}],"version-history":[{"count":0,"href":"https:\/\/aoboshi.org\/index.php?rest_route=\/wp\/v2\/posts\/1206\/revisions"}],"wp:attachment":[{"href":"https:\/\/aoboshi.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1206"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aoboshi.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1206"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aoboshi.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1206"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}