Recently, I came upon a couple issues setting up Let’s Encrypt for a few new domains I was setting up. The solutions weren’t entirely obvious and I had to make my own for part of it, so here’s what I found. I hope it’ll save you some hassle.
Issue: “Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA”
1. Get Os Name and version: cat /etc/*-release
2. Re-install/update following the commands on https://certbot.eff.org/
Already tried a workaround that broke things like I did?
If you already brought your sites down when apache2 failed to start:
1. sudo a2dissite the configs that are causing problems
2. sudo service apache2 start
If old configs appear missing try:
sudo su
sudo service apache2 start
exit or cntrl+D to get back out of super user
Now that the other sites are at least live, update certbot as described above, sudo a2ensite the configs, but do not restart apache2 yet or you’ll get the same issues.
Run the standard command (with your domains):
sudo certbot –apache -d test.com -d www.test.com
I requested a new cert, but you can try to fix the old one and use a new one if that doesn’t work.
Finally,
sudo service apache2 start
or
sudo su
sudo service apache2 start
if necessary
Issue: Auto renew fails with sites with Cloudflare
You may need to set authenticator = webroot in the file for that domain under:
/etc/letsencrypt/renewal
Summary
I hope this article has helped you out and saved you a bit of extra time!
To double check you’ve got everything running properly use:
sudo certbot renew –dry-run
or to test a single domain:
sudo certbot renew –cert-name test.com –dry-run
Be First to Comment