Am I OK with TLS-SNI-01?

#1

I am trying to figure out if I am ok regarding TLS-SNI-01 deprecation?

When I run certbot --dry-run things work good and it says “http-01 challenge for xxx”.

However, when I run certbot --renew I see:

tls-sni-01 challenge for xxxx
TLS-SNI-01 is deprecated, and will stop working soon

Is this expected?

#2

Hi @fsa317

if your certificate is max. 30 days old, run

certbot --renew --preferred-challenges http

The test system doesn’t support tls-sni, the productive system does it (will stop 2019-03-~~).

#3

Depending on your version of Certbot, this may be expected. The fact that the --dry-run succeeds is a good sign and indicates that the ordinary renewal should work after the deprecation, although you can also try what @JuergenAuer suggests.

closed #4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.