If you use certbot next time (after 2019-03-13) and if tls-sni-01 is used again, your certbot will crash.
Then execute it one time manual with the --preferred-challenges http, then the config should be changed.
@JuergenAuer - I appreciate the suggestion but it doesnât really answer the underlying question:
Why is certbot using SNI?
What are the determining factors? I have at least 8 other servers running more or less the exact same configuration and they are all issuing certificates using HTTP challenge. As much as a workaround is useful here, my goal is to gain a better understanding of the software itself and what would cause it to act this way.
The only reasons that should be able to happen are:
-
Components of Certbot are actually an older version.
-
Its configuration files are setting the preferred challenges.
-
Youâre using
--preferred-challengeson the command line.
Youâve confirmed itâs not /etc/letsencrypt/cli.ini, but it could also be specified in the home directory files.
Well it doesnât appear to be any of those things. I did a grep -r challenge /etc/letsencrypt and there are no files anywhere in there relating to challenge. I donât see any letsencrypt config files in my home directory and Iâm not using --preferred-challenges on the command line.
According to what youâve said that only leaves the possibility of components being an older version but Iâve updated everything to the latest version available through apt and the official repo certbot/certbot.
So what gives? Weâre missing something hereâŚ
On second thought, I don't remember if that's possible. The TLS-SNI warning message, and the decision, might come from the same component?
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.