Challenge type "tls-sni-01" no longer allowed

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: ./certbot-auto renew

It produced this output: The request message was malformed :: Unable to update challenge :: challenge type “tls-sni-01” no longer allowed

My web server is (include version): apache

The operating system my web server runs on is (include version): centos 6.10

Hi @pgh2011

yes, tls-sni-01 is deprecated. Use

./certbot-auto renew --preferred-challenges http

instead. Perhaps check your certbot version and update.

1 Like

That worked for! Thanks.

But for a other domain I get:

Processing /etc/letsencrypt/renewal/

Attempting to renew cert ( from /etc/letsencrypt/renewal/ produced an unexpected error: unorderable types: NoneType() < NoneType(). Skipping.
The following certs could not be renewed:
/etc/letsencrypt/live/ (failure)

Please share the content of this file.



PS: Looks like you have certificates you don't need. And you try to recreate them.;include_subdomains:false;

With one domain name and with two domain names.

So you should cleanup your configuration.

certbot-auto certificates

then check, which certificate you use. Then

certbot delete [certificate-name]

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.