Awesome feedback and I appreciate the super quick response.
Just for clarity for myself and all following this thread - Is the TLS-SNI challenge essentially dead, from here on forward, for all new issuances? I’m pretty sure I read in a different thread it was re-enabled for some of the “Big Boys”. I was under the impression that TLS-SNI challenges were only temporarily disabled.
Furthermore, if HTTP-01 and DNS challenges are the sole remaining options, if a new issuance is done via HTTP-01, will renews require HTTP-01 or will they default to the TLS-SNI challenge? If allowing port 80 was under my control, it would be. My PHBs also have excessively tight sphincters when it comes to security, which I get from a certain point of view.
I’m just trying to determine whether using the DNS challenge is the best fit long term for my situation.
Again, thanks to the team for all it does.