Certbot updated, but still uses tls - check this fix

Like many, I received the email about tls being deprecated, even though I updated certbot to version 0.28 in January.

So, while debugging it, I came across this:

My case:

Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for vortechmusic.com
tls-sni-01 challenge for www.vortechmusic.com
TLS-SNI-01 is deprecated, and will stop working soon.

The solution that worked for me was the one mentioned there. Run the below, and verify that ALL of your plugins are version 0.28. Turns out one of mine was not, even though certbot --version says 0.28.0:

$ dpkg --list | grep -E "python.?-certbot"
ii  python-certbot-nginx          0.28.0-1+ubuntu16.04.1+certbot+3      all          transitional dummy package
ii  python3-certbot               0.28.0-1+ubuntu16.04.1+certbot+4      all          main library for certbot
ii  python3-certbot-nginx         0.25.0-2+ubuntu16.04.1+certbot+1      all          Nginx plugin for Certbot

To fix it, just do:

sudo apt install python3-certbot-nginx

And verify:

$ dpkg --list | grep -E "python.?-certbot"
ii  python-certbot-nginx          0.28.0-1+ubuntu16.04.1+certbot+3      all          transitional dummy package
ii  python3-certbot               0.28.0-1+ubuntu16.04.1+certbot+4      all          main library for certbot
ii  python3-certbot-nginx         0.28.0-1+ubuntu16.04.1+certbot+3      all          Nginx plugin for Certbot

And run the dry-run to check it does use http now:

Renewing an existing certificate
Performing the following challenges:
http-01 challenge for vortechmusic.com
http-01 challenge for www.vortechmusic.com

Yay!

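The version check described in the post can be automated. The following is an added example, not part of the original post or of Certbot itself: it reads `dpkg --list` output and reports any Certbot package whose upstream version differs from the core library. The function names are hypothetical, the sample lines are taken from the post's output, and it assumes the core library package is `python3-certbot` (or `python-certbot`).

```shell
#!/bin/sh
# Report Certbot packages whose upstream version differs from the core library.
# Reads `dpkg --list` style lines on stdin.
# Exit status: 0 = all versions match, 1 = skew found, 2 = core library not installed.
certbot_skew() {
    awk '
    $1 == "ii" && $2 ~ /^python3?-certbot(-|:|$)/ {
        name = $2; sub(/:.*/, "", name)      # drop an ":amd64"-style arch suffix
        ver = $3;  sub(/^[0-9]+:/, "", ver)  # drop the epoch, if any
        sub(/-.*/, "", ver)                  # drop the Debian revision
        if (name == "python3-certbot") core3 = ver
        if (name == "python-certbot")  core2 = ver
        seen[name] = ver
    }
    END {
        core = (core3 != "") ? core3 : core2
        if (core == "") { print "core certbot library not found"; exit 2 }
        for (n in seen)
            if (seen[n] != core) {
                printf "%s %s (core is %s)\n", n, seen[n], core
                bad = 1
            }
        exit bad + 0
    }'
}

# Sample input: the package list from the post before the fix.
sample_before() {
    cat <<'EOF'
ii  python-certbot-nginx   0.28.0-1+ubuntu16.04.1+certbot+3  all  transitional dummy package
ii  python3-certbot        0.28.0-1+ubuntu16.04.1+certbot+4  all  main library for certbot
ii  python3-certbot-nginx  0.25.0-2+ubuntu16.04.1+certbot+1  all  Nginx plugin for Certbot
EOF
}

# Sample input: the package list from the post after the fix.
sample_after() {
    cat <<'EOF'
ii  python-certbot-nginx   0.28.0-1+ubuntu16.04.1+certbot+3  all  transitional dummy package
ii  python3-certbot        0.28.0-1+ubuntu16.04.1+certbot+4  all  main library for certbot
ii  python3-certbot-nginx  0.28.0-1+ubuntu16.04.1+certbot+3  all  Nginx plugin for Certbot
EOF
}

# Demo on the pre-fix sample; on a real host use: dpkg --list | certbot_skew
sample_before | certbot_skew || echo "version skew found"
```

The non-zero exit status makes the check usable from cron or a monitoring job, so a stale plugin is noticed before renewals fall back to a deprecated challenge type.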