Renewing an existing certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Attempting to renew cert (example.com) from /etc/letsencrypt/renewal/example.com.conf produced an unexpected error: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/example.com/fullchain.pem (failure)
On Jan 9th 2018 Let’s Encrypt got a report that one of their three validation methods, TLS-SNI-01, could be used to get certificates for domains you don’t own. As a result, Let’s Encrypt permanently disabled the TLS-SNI-01 challenge.
The above issue can be resolved by updating to the latest version of Certbot and renewing certs again.
Alternatively, these hooks below will cause Certbot to automatically stop your server to obtain certificates and then start it again. This should only be a temporary measure until you update Certbot because when it comes to renewing your cert again in 90 days, Certbot may fail.
Note for Cloudflare users: You must temporarily Pause your website in the control panel, otherwise Cloudflare may interfere with the renewal.
Apache
For Apache, run this command. Make sure to replace example.com with your own domain.
sudo certbot --authenticator standalone --installer apache -d example.com -d www.example.com --pre-hook "systemctl stop apache2" --post-hook "systemctl start apache2"
Nginx
For Nginx, run this command. Make sure to replace example.com with your own domain.
sudo certbot --authenticator standalone --installer nginx -d example.com -d www.example.com --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"
Let me know if this helped. Follow me on Twitter, Facebook and YouTube, or 🍊 buy me a smoothie.
Perfect Boss you saved me 🙂
This solution didn’t work for me, facing same error in Nginx. Any idea how to fix this?
> ERROR:
> Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
when run for apache gives this error
“The requested apache plugin does not appear to be installed”
Try installing Certbot from scratch
Thanks for the info. This is the only site that I have found that mentions TLS-SNI-01 being disabled. Unfortunately, your solution for Apache did not work for me because my ISP is blocking port 80 (but not 443). Also because because I do not pay for a static IP, I use a DDNS service and have no control over DNS for the domain I selected. Are there any other options in certbot that I can use to generate a cert?
Thanks
Oh great, thanks you 😉
apt install certbot
Bravo¡¡
THANKS!
Obrigado, resolveu meu problema. Abraço !!!!
Thank you very much!
Works properly. Appreciate!!!!!
Thank you guys. Works like a charm! 🙂
Like a charm, thanks a lot!
Great!
Thanks, this worked!
🙂