Let's Encrypt disables TLS-SNI-01 validation

It is possible to exploit the protocol to obtain certificates for domains you do not own.