[tor-bugs] #32964 [Circumvention/Snowflake]: Redeploy Snowflake bridge with ACMEv2 by 2020-06-01

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jan 15 19:41:33 UTC 2020 

#32964: Redeploy Snowflake bridge with ACMEv2 by 2020-06-01
-----------------------------------------+--------------------
     Reporter:  dcf                      |      Owner:  (none)
         Type:  task                     |     Status:  new
     Priority:  Medium                   |  Milestone:
    Component:  Circumvention/Snowflake  |    Version:
     Severity:  Normal                   |   Keywords:
Actual Points:                           |  Parent ID:
       Points:                           |   Reviewer:
      Sponsor:                           |
-----------------------------------------+--------------------
 I got this email today. 2a00:c6c0:0:151:4:8f94:69f5:7c01 is
 snowflake.bamsoftware.com.

 Most likely, resolving this is just a matter of `go get -u` to pull an
 updated [https://godoc.org/golang.org/x/crypto/acme/autocert
 golang.org/x/crypto/acme/autocert]

 > According to our records, the software client you're using to get Let's
 Encrypt TLS/SSL certificates issued or renewed at least one HTTPS
 certificate in the past two weeks using the ACMEv1 protocol. Your client's
 IP address was:
 >
 >   2a00:c6c0:0:151:4:8f94:69f5:7c01
 >
 > Beginning June 1, 2020, we will stop allowing new domains to validate
 using the ACMEv1 protocol. You should upgrade to an ACMEv2 compatible
 client before then, or certificate issuance will fail. For most people,
 simply upgrading to the latest version of your existing client will
 suffice. You can view the client list at: https://letsencrypt.org/docs
 /client-options/
 >
 > If you're unsure how your certificate is managed, get in touch with the
 person who installed the certificate for you. If you don't know who to
 contact, please view the help section in our community forum at
 https://community.letsencrypt.org/c/help and use the search bar to check
 if there's an existing solution for your question. If there isn't, please
 create a new topic and fill out the help template.
 >
 > ACMEv1 API deprecation details can be found in our community forum:
 https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1
 >
 > As a reminder: In the future, Let's Encrypt will be performing multiple
 domain validation requests for each domain name when you issue a
 certificate. While you're working on migrating to ACMEv2, please check
 that your system configuration will not block validation requests made by
 new Let's Encrypt IP addresses, or block multiple matching requests. Per
 our FAQ (https://letsencrypt.org/docs/faq/), we don't publish a list of IP
 addresses we use to validate, and this list may change at any time.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32964>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list