I’m using the latest Certbot with the Apache plugin, and judging from all the activity on the forum right now I think there are a lot of others in the same situation.
Here is what resolved the matter for me:
In your /etc/letsencrypt/cli.ini add preferred-challenges = http.
Test first with the command certbot renew --force-renewal --dry-run.
If no errors, run certbot renew --force-renewal.
This is tested and working on Ubuntu Server 16.04 and 18.04, which is a pretty typical use-case. I have the cronjob @daily /usr/bin/certbot renew --quiet (I think this is also pretty typical) and must have missed the earlier warnings about TLS-SNI-01 deprecation.
Hope this helps and thanks to the forum mods, who are probably very busy right now with all the new posts! If you test this method with different plugins and it works, please post a reply so others can find what works easily.
This addressed my concerns even tho all my renewals showed as using HTTP-01 I was worried something would go wrong down the line. Forced a renew and all appears to be ok.
No problem, just create it instead or add --preferred-challenges http to your command (or script) to do the same thing. Having this file is convenient because you can put all the options in it and just run certbot renew without having to remember them.
As always, test first with --dry-run to check for errors.
