Can I find out which domain was renewed by TLS-SNI-01?

I received the “you used TLS-SNI-01 … in the last 60 days” email. I’ve checked all the hosts that I manage and they all appear to be using HTTP-01. Is there any way to find out exactly which domain the email relates to?

Not currently, unfortunately, other than reviewing your logs.

It’s possible that they were using TLS-SNI-01 in the last 60 days and got switched to HTTP-01 more recently.

For example, if you’re using Certbot, and recently updated to 0.28.0, that could do it.

1 Like

You could check the configuration in /etc/letsencrypt/renewal/foo.example.com.conf and look for the pref_challs setting.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.