Am I using TLS-SNI-01?

#1

I received the email about ANI-01 o few weeks ago. It mentioned a couple of the certs that I have claiming they are updated using TLS-SNI-01.

I’ve now had a chance to go to reconfigure these certs but when I went to do so, there was no mention of sni in the renewal files. Also when I run certbot renew --dry-run, everything works and is being authenticated via http-01.

Even though I am sure I’ve not made any changes, am I likely to be OK when SNI-01 is disabled?

#2

Assuming that your Certbot is version 0.28 or higher when you do the --dry-run, then yes, you are fine.

certbot --version
1 Like
#3

Yeah, I’m on 0.28.

Thanks for the reassurance.

#4

There is still a slim chance that your renewal.conf file is forcing TLS-SNI-01.
In such cases it may still fail the automatic renewal even thou it can use HTTP-01.

For this first go 'round, I would keep an eye on your cert expiration dates with:
certbot certificates
[if all works as expected, you should not see them go with less than 30 days left]

closed #5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.