The error isn’t related to anything about domain validation, but about a change to the ACME protocol (ACME v2 - Scheduled deprecation of unauthenticated resource GETs) that went into effect in December.
If you keep the packages installed on your server up to date (apt update && apt upgrade
), this problem will solve itself.
The particular package you need to target with the upgrade on Debian Stretch is python3-acme
. The latest version of the package available in the Stretch repos is 0.28.0-1~deb9u2
.