In less than a month, Let’s Encrypt will stop supporting the domain validation method TLS-SNI-01. Users of the free certificate authority who still rely on this method are currently being informed by e-mail about the imminent end of support. Let’s Encrypt is taking this step because validating domains with the outdated method can lead to security problems. Because old versions of Certbot still use TLS-SNI-01, the change affects a sizeable share of the service’s users; the current version of Debian Stretch also still uses TLS-SNI-01 by default.
Before Let’s Encrypt issues a new TLS certificate, the service checks whether the domain for which the certificate was requested really belongs to the account holder. Once this check succeeds, the ACME protocol used for the purpose issues the certificate automatically. One of the validation options is TLS-SNI-01, in which ownership of the domain is demonstrated via the TLS extension SNI: for the duration of the check, a self-signed certificate is installed on the domain holder’s server, which the ACME protocol then uses to validate the domain.
Security gap discovered in 2018
The problem is a security gap that the security researcher Frans Rosén discovered back in 2018, which can lead to a situation in which someone other than the actual domain holder obtains a corresponding certificate and thus validates a domain that does not belong to him. The vulnerability could also be exploited at large hosters such as Heroku and Amazon CloudFront. While those two companies have now addressed the vulnerability internally, it is very likely that the problem persists at a number of other hosters. In the transition period between the discovery of the gap and the final shutdown on 13 February 2019, there was still an exception that allowed existing certificates to be renewed via the vulnerable method. That possibility no longer exists either.
New Validation Methods
In the future, instead of TLS-SNI-01, the validation methods considered secure, via HTTP, DNS and the TLS extension ALPN, can be used. The removal of the method that many users previously relied on means that automatic certificate renewal no longer works for them. However, updating Certbot to a version newer than 0.21 from January 2018 gives affected users new ways to set up automatic renewal of their certificates.
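To check an existing installation for the situation described above, here is an added shell example (not code from the article or from the Certbot project). It assumes Certbot’s renewal-config layout under /etc/letsencrypt/renewal/, where a `pref_challs` line records a `--preferred-challenges` setting, and the sample configs it writes are constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the article or from the Certbot project.
# Audits Certbot renewal configs for a pinned tls-sni-01 challenge and checks
# that "certbot --version" reports a release newer than the 0.21 series.
# Assumption: Certbot's /etc/letsencrypt/renewal/*.conf layout, where a
# "pref_challs = ..." line records a --preferred-challenges setting.

# Print each renewal conf under $1 whose pref_challs still lists tls-sni-01.
find_tls_sni_configs() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        if grep -Eq '^[[:space:]]*pref_challs[[:space:]]*=.*tls-sni-01' "$f"; then
            echo "$f"
        fi
    done
}

# Return 0 when $1 (the output of `certbot --version`, e.g. "certbot 0.31.0")
# is newer than the 0.21 series, the release that stopped preferring TLS-SNI-01.
certbot_version_ok() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^certbot \([0-9][0-9.]*\).*/\1/p')
    [ -n "$ver" ] || return 1
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    [ "$major" -gt 0 ] 2>/dev/null && return 0
    [ "$minor" -gt 21 ] 2>/dev/null
}

# Write three constructed renewal configs into $1 (sample data, not real certs).
write_sample_configs() {
    mkdir -p "$1"
    printf '[renewalparams]\nauthenticator = nginx\npref_challs = tls-sni-01,\n' \
        > "$1/old.example.conf"
    printf '[renewalparams]\nauthenticator = webroot\npref_challs = http-01,\n' \
        > "$1/new.example.conf"
    printf '[renewalparams]\nauthenticator = apache\n' > "$1/plain.example.conf"
}

# Demo: run the audit on the sample set and on a sample version string.
if [ "${1:-}" = "--demo" ]; then
    write_sample_configs ./renewal-sample
    echo "configs still pinning tls-sni-01:"
    find_tls_sni_configs ./renewal-sample
    certbot_version_ok "certbot 0.19.0" || echo "certbot 0.19.0: upgrade needed"
fi
```

Run with `--demo` to see the audit on the constructed configs; on a real host, point `find_tls_sni_configs` at /etc/letsencrypt/renewal and feed it the real `certbot --version` output.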