Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
certbot renew --pre-hook “service nginx stop” --post-hook “service nginx start” --dry-run
It produced this output:
Cert not due for renewal, but simulating renewal for dry run
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Running pre-hook command: service nginx stop
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for data.sofgensavetax.com
Waiting for verification…
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0024_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0024_csr-certbot.pem
My web server is (include version):
The operating system my web server runs on is (include version):
Debian GNU/Linux 8 (jessie)
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you’re using Certbot):
We received an email regarding the end of support for ACME TLS-SNI-01 domain validation and that we need to update our ACME client to use an alternative validation method (HTTP-01, DNS-01 or TLS-ALPN-01) or our certificate renewals will break and existing certificates will start to expire.
But from the output above, does this mean that we are already using http-01 domain validation and no need to perform any changes or whatsoever?
Apologies if my question may sound a bit stupid. I’m really new to this and still learning.
Thank you in advance.