Solution: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA

It will not be re-enabled for new issuance. Check out this post: TLS-SNI challenges disabled for most new issuance. In short, renewals will continue to work, but new issuances will not offer TLS-SNI-01.

Note that this does not increase your security, and harms usability for visitors to your sites, since they cannot get a redirect to port 443. Also, in this case, it's ruling out a challenge type that might otherwise work for you. I would recommend reconsidering the decision to block port 80, if the HTTP-01 challenge works better for you than the DNS challenge.

@bmw What's the recommended channel for receiving notifications about pending or actual Certbot releases?

Also, my guess is that in addition to Certbot updates, you'd also like updates about the Let's Encrypt services. We have two official communication channels:

Both channels allow you to subscribe to get email notifications when there are updates.

Certainly I do, and we're always doing our best to make your life as easy as we can, within the limits of our commitment to security. :slight_smile: