Further to a comment made in another thread:
“your client is still using the tls-sni-01 challenge type … This has been deprecated for all new issuance, but is still enabled for renewals. At some point in the future, that will no longer be the case”
This seems a little worrying to me, so I have a couple of questions:
How do I know if my current certificates are being renewed using
I have been using certbot 0.26.1 (under Ubuntu 16.04) and creating certificates with:
sudo certbot --apache -d www.domainname.com
How do I ensure that certbot uses another challenge method by default for future automatic renewals of my domains (from what I can tell,
http should be OK for me as I’m using the Apache plugin)?