Statement on LetsEncrypt HTTP/TLS-ALPN Certificate Revocation
kphillips Administrator Netgate
LetsEncrypt recently announced and notified subscribers of a plan to revoke certificates issued using the HTTP/TLS-ALPN validation method.
You may find more information from LetsEncrypt's FAQs here.
This fix was identified and implemented by LetsEncrypt and requires no updates or changes to the ACME package in pfSense, but will require user intervention if you are in the affected date range using this method of validation.
Netgate recommends DNS-based update methods for ACME. However, if you have used TLS-ALPN for certificate verification within the timeframe outlined by LetsEncrypt, please make sure you manually initiate a renewal of any certificate validated using TLS-ALPN to avoid disruption.
For more information on the various validation methods for ACME and our recommendations, please visit our documentation here.