CAA record prevents renewing certs for snowflake.torproject.net, 02.snowflake.torproject.net, and snowflake-broker.torproject.net
Since 2017, we've used Let's Encrypt (via the acme/autocert package) to issue TLS certificates for the Snowflake bridges and broker. The new CAA record for torproject.net has made that stop working. These are the expiration dates of the certificates we're not able to renew using the Let's Encrypt accounts we have used up to this point:
| Domain | NotAfter |
|---|---|
| 02.snowflake.torproject.net | 2024-01-13 14:03:53 |
| snowflake.torproject.net | 2024-01-20 11:23:43 |
| snowflake-broker.torproject.net | 2024-02-22 04:15:23 |
The earliest expiration is less than a week from now. How should we proceed?
Related: #41455, #41460 (closed)