I’ve just followed the instructions to update certbot (https://certbot.eff.org/lets-encrypt/ubuntubionic-other), and it seems to work successfully on my Ubuntu 18.04 LTS system I have at home. However, when I update the certificate, I get a warning; tls-sni-01 challenge for djaychela.ddns.net TLS-SNI-01 is deprecated, and will stop working soon. - I was expecting this to no longer be the case after running
sudo sh -c "sed -i.bak -e 's/^\(pref_challs.*\)tls-sni-01\(.*\)/\1http-01\2/g' /etc/letsencrypt/renewal/*; rm -f /etc/letsencrypt/renewal/*.bak"
which was given in ’ How to stop using TLS-SNI-01 with Certbot’
I can’t find any references in my config files under /etc/letsencrypt/renewal which contains one .conf file with the following in:
[renewalparams]
installer = apache
authenticator = apache
account = 3XXXXXX (removed in case this is private)
apache_vhost_root = /etc/apache2/sites-available
server = https://acme-v02.api.letsencrypt.org/directory
I’m therefore don’t think I’ve managed to change from TLS-SNI-01 to HTTP-01. Can someone please point me in the right direction in terms of where I should be looking for the configuration option that is controlling this?
My domain is: djaychela.ddns.net
I ran this command: sudo letsencrypt renew --force-renewal
It produced this output: Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for djaychela.ddns.net
TLS-SNI-01 is deprecated, and will stop working soon.
Waiting for verification…
Cleaning up challenges
My web server is (include version): Apache/2.4.18 (Ubuntu)
The operating system my web server runs on is (include version): Ubuntu 18.04.1 LTS
My hosting provider, if applicable, is: N/A (home hosted)
I can login to a root shell on my machine (yes or no, or I don’t know): yes
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you’re using Certbot): 0.28.0