I realize it is a busy day on this forum due to the TLS-SNI-01 validation email, and I appreciate the community involvement and assistance.
Like many users, I am trying to determine the best alternative to TLS-SNI for my situation. I’ve noticed there are many users posting who seem to be in the same boat as me: they are happy to move to another solution, but they can’t (or don’t want to) use port 80. We also don’t use one of the supported DNS servers that would allow dns-01 validation. It appears that all other validation methods require port 80, except for TLS-ALPN, which is also one of the solutions referenced in the email itself.
However, it appears that certbot does not yet support TLS-ALPN, at least not through all of its validation methods. I do see some reference to TLS-ALPN in the changelog, but if it is available presently, I certainly can’t get it to work, and it seems that others are having the same problem.
I do realize that there are other ACME clients out there, and many have suggested acme.sh, which looks like a great tool; however, certbot is the client referenced in the letsencrypt documentation and is the “recommended” client according to letsencrypt (see, for example, https://letsencrypt.org/docs/client-options/).
Based on the foregoing, wouldn’t it make more sense to delay the TLS-SNI “cutoff” until the proper replacement method, TLS-ALPN, is fully supported by certbot? Like many, I am concerned with making a change to another solution only to find support for TLS-ALPN in the future, and the further need to switch back. If I am wrong with my understanding of the current state of these tools, please let me know!
Again, thanks to the developers and others on this forum for all of the assistance.