It seems like our clients are getting the TLS-SNI-01 update warning notifications, but none so far seem to have that as the active authentication method. The authenticator configs are all listed as nginx, but they’re still getting the emails about needing to update.
Am I missing something here?
Example domain is: https://sacredplaces.org/
I ran this command: certbot renew --dry-run
It produced this output:
# Options used in the renewal process
[renewalparams]
account = ACCOUNT_ID_HERE
server = https://acme-v02.api.letsencrypt.org/directory
authenticator = nginx
installer = nginx
...skipping...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for sacredplaces.org
Waiting for verification...
Cleaning up challenges
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/sacredplaces.org/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
My web server is (include version): nginx
The operating system my web server runs on is (include version): CentOS 7
I can login to a root shell on my machine (yes or no, or I don’t know): yes
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.26.1 (other clients have been on >0.28)
Out of caution we’ll be updating this particular client, but all other signs point to them being good to go already.