Remove SSL Labs From Certbot Output (#8109)

The Apache plugin expects clients to support SNI, but SSL Labs tries without SNI and includes the results in their score. Closes certbot/certbot#7728
2026-06-09 08:42:57 -04:00 · 2020-06-25 20:42:07 +02:00 · 2020-06-25 20:42:07 +02:00 · b9a8248541
commit b9a8248541
parent 8027430625
3 changed files with 7 additions and 11 deletions
--- a/certbot/CHANGELOG.md
+++ b/certbot/CHANGELOG.md
@ -27,6 +27,7 @@ Certbot adheres to [Semantic Versioning](https://semver.org/).
 * Don't use `StrictVersion`, but `LooseVersion` to check version requirements with setuptools,
  to fix some packaging issues with libraries respecting PEP404 for version string,
  with doesn't match `StrictVersion` requirements.
+* Certbot output doesn't refer to SSL Labs due to confusing scoring behavior.

 More details about these changes can be found on our GitHub repo.

--- a/certbot/certbot/display/ops.py
+++ b/certbot/certbot/display/ops.py
@ -241,11 +241,8 @@ def success_installation(domains):

    """
    z_util(interfaces.IDisplay).notification(
-        "Congratulations! You have successfully enabled {0}{1}{1}"
-        "You should test your configuration at:{1}{2}".format(
-            _gen_https_names(domains),
-            os.linesep,
-            os.linesep.join(_gen_ssl_lab_urls(domains))),
+        "Congratulations! You have successfully enabled {0}".format(
+            _gen_https_names(domains)),
        pause=False)


@ -258,13 +255,12 @@ def success_renewal(domains):
    z_util(interfaces.IDisplay).notification(
        "Your existing certificate has been successfully renewed, and the "
        "new certificate has been installed.{1}{1}"
-        "The new certificate covers the following domains: {0}{1}{1}"
-        "You should test your configuration at:{1}{2}".format(
+        "The new certificate covers the following domains: {0}".format(
            _gen_https_names(domains),
-            os.linesep,
-            os.linesep.join(_gen_ssl_lab_urls(domains))),
+            os.linesep),
        pause=False)

+
 def success_revocation(cert_path):
    """Display a box confirming a certificate has been revoked.

--- a/certbot/docs/ciphers.rst
+++ b/certbot/docs/ciphers.rst
@ -110,8 +110,7 @@ to most-backwards compatible). The client will follow the Mozilla defaults
 for the *Intermediate* configuration by default, at least with regards to
 ciphersuites and TLS versions. Mozilla's web site describes which client
 software will be compatible with each configuration. You can also use
-the Qualys SSL Labs site, which Certbot will suggest
-when installing a certificate, to test your server and see whether it
+the Qualys SSL Labs site to test your server and see whether it
 will be compatible with particular software versions.

 The Let's Encrypt project expects to follow the Mozilla recommendations