Further to a comment made in another thread:
"your client is still using the tls-sni-01 challenge type ... This has been deprecated for all new issuance, but is still enabled for renewals. At some point in the future, that will no longer be the case"
This seems a little worrying to me, so I have a couple of questions:
-
How do I know if my current certificates are being renewed using
tls-sni-01
? -
I have been using certbot 0.26.1 (under Ubuntu 16.04) and creating certificates with:
sudo certbot --apache -d www.domainname.com
How do I ensure that certbot uses another challenge method by default for future automatic renewals of my domains (from what I can tell, http
should be OK for me as I'm using the Apache plugin)?
Thanks.