I just received an email from letsencrypt.org asking me to upgrade certbot, as TLS-SNI-01 validation is reaching end-of-life.
Checking the installed version:
$ /usr/bin/letsencrypt --version
certbot 0.17.0
1. According to the instructions at https://community.letsencrypt.org/t/how-to-stop-using-tls-sni-01-with-certbot/83210, certbot needs to be upgraded to 0.28 or higher:
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx
$ certbot --version
certbot 0.28.0
2. Remove any explicit references to tls-sni-01 in your renewal configuration:
sudo sh -c "sed -i.bak -e 's/^\(pref_challs.*\)tls-sni-01\(.*\)/\1http-01\2/g' /etc/letsencrypt/renewal/*; rm -f /etc/letsencrypt/renewal/*.bak"
3. Run sudo certbot renew --dry-run. Remember to turn off nginx before you run it, as it will otherwise fail with a failed-to-bind-port error.
That’s it. Good luck with your upgrade.
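
As an added example (not part of the original post or of certbot itself), these shell functions check whether any renewal configuration still names tls-sni-01 in pref_challs, and apply the step 2 substitution to a directory of your choice so it can be tried on a copy first. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm no renewal config still asks for tls-sni-01.

# Print the *.conf files in directory $1 whose pref_challs line still names
# tls-sni-01. Exit status 0 means at least one was found.
find_tls_sni_refs() {
    grep -l '^pref_challs.*tls-sni-01' "$1"/*.conf 2>/dev/null
}

# The substitution from step 2, limited to directory $1 so it can be tried
# on a copy before touching /etc/letsencrypt/renewal.
replace_tls_sni_refs() {
    sed -i.bak -e 's/^\(pref_challs.*\)tls-sni-01\(.*\)/\1http-01\2/g' "$1"/*.conf
    rm -f "$1"/*.bak
}

# Constructed sample data: one config pinned to tls-sni-01, one without pref_challs.
make_sample_renewal_dir() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '[renewalparams]' 'authenticator = nginx' \
        'pref_challs = tls-sni-01,' > "$dir/example.com.conf"
    printf '%s\n' '[renewalparams]' 'authenticator = webroot' \
        > "$dir/other.example.conf"
    echo "$dir"
}

# Demo on the constructed data: sh thisfile.sh --demo
if [ "${1:-}" = "--demo" ]; then
    d=$(make_sample_renewal_dir)
    echo "before:"; find_tls_sni_refs "$d"
    replace_tls_sni_refs "$d"
    echo "after:"
    find_tls_sni_refs "$d" || echo "no tls-sni-01 references left"
    rm -rf "$d"
fi
```

On a real host, run find_tls_sni_refs /etc/letsencrypt/renewal as root before step 3; no output means no renewal config still pins tls-sni-01.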