MoinQ:

Letsencrypt/NEWSについて、ここに記述してください。

https://community.letsencrypt.org/t/turning-off-old-insecure-challenge-types/3825

Let's Encrypt will no longer be offering the "simpleHttp" and "dvsni" challenges as of Thursday, November 19. If your client depends on these challenges, you will need to update to the "http-01" or "tls-sni-01" challenges by that date, or your client will no longer work.

The current version of the official Let's Encrypt client supports the new challenges.

This change is required because these older challenges have a signature reuse vulnerability, reported on the IETF ACME list by Andrew Ayer several weeks ago.

Also, please note: The "tls-sni-01" challenge currently offered by Let's Encrypt is currently not compatible with the "tls-sni-01" challenge defined in draft-ietf-acme-acme-01.

It lacks the "n" parameter. This is a known issue, and will be resolved once the IETF ACME working group decides whether to keep the "n" parameter.