How to stop using TLS-SNI-01 with Certbot / Ubuntu / Nginx



Step 1: Update Certbot to latest version

sudo apt-get update && sudo apt-get install certbot python-certbot-nginx -y

Confirm version is 0.28 or higher:

certbot --version || /path/to/certbot-auto --version

Step 2: Follow the guide

Remove any explicit references to tls-sni-01 in your renewal configuration sudo sh -c "sed -i.bak -e 's/^\(pref_challs.*\)tls-sni-01\(.*\)/\1http-01\2/g' /etc/letsencrypt/renewal/*; rm -f /etc/letsencrypt/renewal/*.bak"

Do a full renewal dry run: sudo certbot renew --dry-run

Origin post at (2019-03-06)

#linux #letsencrypt #certbot #nginx