Challenge type "tls-sni-01" no longer allowed

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: svdsoshop.nl

I ran this command: ./certbot-auto renew

It produced this output: The request message was malformed :: Unable to update challenge :: challenge type “tls-sni-01” no longer allowed

My web server is (include version): apache

The operating system my web server runs on is (include version): centos 6.10

Hi @pgh2011

yes, tls-sni-01 is deprecated. Use

./certbot-auto renew --preferred-challenges http

instead. Perhaps check your certbot version and update.

That worked for svdsoshop.nl! Thanks.

But for a other domain I get:

Processing /etc/letsencrypt/renewal/www.svdsoshop.nl.conf

Attempting to renew cert (www.svdsoshop.nl) from /etc/letsencrypt/renewal/www.svdsoshop.nl.conf produced an unexpected error: unorderable types: NoneType() < NoneType(). Skipping.
The following certs could not be renewed:
/etc/letsencrypt/live/www.svdsoshop.nl/fullchain.pem (failure)

Please share the content of this file.

And

/var/log/letsencrypt/letsencrypt.log

PS: Looks like you have certificates you don't need. And you try to recreate them.

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:true;include_subdomains:false;domain:svdsoshop.nl&lu=cert_search

With one domain name and with two domain names.

So you should cleanup your configuration.

certbot-auto certificates

then check, which certificate you use. Then

certbot delete [certificate-name]

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.