Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Statement on LetsEncrypt HTTP/TLS-ALPN Certificate Revocation

    Netgate Announcements
    1
    1
    4.5k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      kphillips Administrator Netgate
      last edited by

      LetsEncrypt recently announced and notified subscribers of a plan to revoke certificates issued using the HTTP/TLS-ALPN validation method.

      You may find more information from LetsEncrypt's FAQs here.

      This fix was identified and implemented by LetsEncrypt and requires no updates or changes to the ACME package in pfSense, but will require user intervention if you are in the affected date range using this method of validation.

      Netgate recommends DNS-based update methods for ACME. However, if you have used TLS-ALPN for certificate verification within the timeframe outlined by LetsEncrypt, please make sure you manually initiate a renewal of any certificate validated using TLS-ALPN to avoid disruption.

      For more information on the various validation methods for ACME and our recommendations, please visit our documentation here.

      1 Reply Last reply Reply Quote 0
      • jimpJ jimp referenced this topic on
      • jimpJ jimp referenced this topic on
      • stephenw10S stephenw10 locked this topic on
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.