Letsencrypt: remove deprecated tls-sni-02 challenge method #38137
SUMMARY
The letsencrypt module supports three challenge types: http-01, dns-01 and tls-sni-02. While tls-sni-01 was never supported by the module, tls-sni-02 on the other hand was never active in boulder, the Let's Encrypt ACME server software, and will never be since it has turned out to be insecure, been deactivated, and was removed from the ACME specs (see https://community.letsencrypt.org/t/tls-sni-challenges-disabled-for-most-new-issuance/50316, https://community.letsencrypt.org/t/important-what-you-need-to-know-about-tls-sni-validation-issues/50811 and https://tools.ietf.org/html/draft-ietf-acme-acme-11).
Since it was never possible to actually use the tls-sni-02 challenge, simply removing it from the module does not break backwards compatibility. If anyone ever used it, he/she was never able to obtain a certificate with it.
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
letsencrypt
ANSIBLE VERSION