Thanks for this hint. However, it is hard to find the last successful validation there (lots of logged information).
I have found even better, that the renewal configuration files are in this folder:
In my particular case I find this parameter there:
pref_challs = dns-01
I assume that this means we are NOT using the offending TLS-SNI-01 nethod, and that therefore no action is required.
I wish that the seriously sounding email notification had included information about how to perform this basic check.