Certbot 0.28 still using SNI

If you use certbot next time (after 2019-03-13) and if tls-sni-01 is used again, your certbot will crash.

Then execute it one time manually with --preferred-challenges http; then the config should be changed.

@JuergenAuer - I appreciate the suggestion but it doesn’t really answer the underlying question:

Why is certbot using SNI?

What are the determining factors? I have at least 8 other servers running more or less the exact same configuration and they are all issuing certificates using HTTP challenge. As much as a workaround is useful here, my goal is to gain a better understanding of the software itself and what would cause it to act this way.

The only reasons that should be able to happen are:

  • Components of Certbot are actually an older version.

  • Its configuration files are setting the preferred challenges.

  • You’re using --preferred-challenges on the command line.

You’ve confirmed it’s not /etc/letsencrypt/cli.ini, but it could also be specified in the home directory files.
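One way to check the configuration-file causes listed above, as an added example that is not part of the original thread. It searches for both spellings Certbot uses for the setting: `preferred-challenges` in cli.ini and `pref_challs` in the per-certificate files under renewal/. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: locate every place a Certbot challenge preference is set.

# Print "file:line:text" for each challenge-preference setting under the paths given.
# cli.ini spells the option "preferred-challenges"; the per-certificate files in
# renewal/ spell it "pref_challs", which a search for the word "challenge" misses.
find_challenge_prefs() {
    grep -rnE '^[[:space:]]*(pref_challs|preferred-challenges)[[:space:]]*=' "$@" 2>/dev/null || true
}

# Count the settings that still name tls-sni.
count_tls_sni() {
    find_challenge_prefs "$@" | grep -c 'tls-sni' || true
}

# Build a constructed sample tree (not real data) shaped like /etc/letsencrypt.
make_sample_tree() {
    _root=$(mktemp -d)
    mkdir -p "$_root/renewal"
    printf '%s\n' 'rsa-key-size = 4096' > "$_root/cli.ini"
    printf '%s\n' '[renewalparams]' 'authenticator = apache' \
        'pref_challs = tls-sni-01,' > "$_root/renewal/example.com.conf"
    printf '%s\n' '[renewalparams]' 'authenticator = webroot' \
        'pref_challs = http-01,' > "$_root/renewal/example.org.conf"
    echo "$_root"
}

sample=$(make_sample_tree)
find_challenge_prefs "$sample"
echo "tls-sni settings: $(count_tls_sni "$sample")"
echo "lines matching the word 'challenge': $(grep -r challenge "$sample" | wc -l)"
rm -rf "$sample"

# On a real host, point it at the locations Certbot reads:
# find_challenge_prefs /etc/letsencrypt "${XDG_CONFIG_HOME:-$HOME/.config}/letsencrypt"
```

Any renewal file reported with a tls-sni value is a certificate whose stored renewal parameters still request that challenge, independent of cli.ini.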

Well it doesn’t appear to be any of those things. I did a grep -r challenge /etc/letsencrypt and there are no files anywhere in there relating to challenge. I don’t see any letsencrypt config files in my home directory and I’m not using --preferred-challenges on the command line.

According to what you’ve said that only leaves the possibility of components being an older version but I’ve updated everything to the latest version available through apt and the official repo certbot/certbot.

So what gives? We’re missing something here…

On second thought, I don’t remember if that’s possible. The TLS-SNI warning message, and the decision, might come from the same component?
