I received the email about ANI-01 o few weeks ago. It mentioned a couple of the certs that I have claiming they are updated using TLS-SNI-01.
I’ve now had a chance to go to reconfigure these certs but when I went to do so, there was no mention of sni in the renewal files. Also when I run certbot renew --dry-run, everything works and is being authenticated via http-01.
Even though I am sure I’ve not made any changes, am I likely to be OK when SNI-01 is disabled?
Assuming that your Certbot is version 0.28 or higher when you do the --dry-run, then yes, you are fine.
certbot --versionYeah, I’m on 0.28.
Thanks for the reassurance.
There is still a slim chance that your renewal.conf file is forcing TLS-SNI-01.
In such cases it may still fail the automatic renewal even thou it can use HTTP-01.
For this first go 'round, I would keep an eye on your cert expiration dates with:
certbot certificates
[if all works as expected, you should not see them go with less than 30 days left]
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.