Documentation should have a "Requirements" page

[jvanasco]

Under Subscriber Information there should be a "Requirements" page that lists things such as:

• TLS v1.2 is required for inbound connections (Client API Requests) and outbound connections (Validation).

and any other requirements. This information is currently only available in the API Announcements section of the forum

[bdaehlie]

I'm not sure I understand how this would be helpful for many folks. For example - how many people really need to be told that TLS 1.2 is required?

Also, I feel like this might get messy in terms of what's required for different ways one might want to interact with us (e.g. challenge choice).

What other kinds of requirements did you have in mind?

[jvanasco]

I'm not sure I understand how this would be helpful for many folks. For example - how many people really need to be told that TLS 1.2 is required?

Today, not many. When the previous TLS deprecations happened, the forum was consistently filled with posts that were due to unsupported TLS versions. This will likely happen again.

Other potential requirements OTOH:

• reiterating the target domain for the challenge is globally available
• the acme server's root certificate
• listing the required private key support (type, size/curve)

The last two sound silly, but based on prior forum activity a significant number of users simply do not have automatic updates turned on, do not perform routine maintenance, and issues were often due to outdated packages or systems. Hopefully, the adoption of snap by Certbot will prevent many of this issues in the future.

I know it doesn't seem like much a few years into the last deprecations, but 1.2 and 1.3 will eventually be deprecated and this cycle will repeat. The endpoint's trusted root will also eventually shift.