Two days ago I received the mail below. TLS-SNI-01 will no longer be supported in the future. With this guide I’ll show you how to update the Let’s Encrypt certificate to the new standards. In my concrete example it is a Debian System 9.7 (Stretch) with a Nextcloud (Apache webserver) and certbot.
Your Let’s Encrypt client used ACME TLS-SNI-01 domain validation to issue a certificate in the past 60 days. Below is a list of names and IP addresses validated (max of one per account):
TLS-SNI-01 validation is reaching end-of-life. It will stop working temporarily on February 13th, 2019, and permanently on March 13th, 2019. Any certificates issued before then will continue to work for 90 days after their issuance date.
You need to update your ACME client to use an alternative validation method (HTTP-01, DNS-01 or TLS-ALPN-01) before this date or your certificate renewals will break and existing certificates will start to expire.
First of all ensure you have certbot version 0.28.0 oder newer installed. Ensure your usig those comnmands with the root/admin user.