[Let's Encrypt] How to resolve 'Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.' error
I’ll introduce how to resolve the error Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. in Let’s Encrypt.
First, check the version of certbot currently in use.
$ certbot --version
certbot 0.14.2
$ sudo /usr/bin/certbot renew \\
--renew-hook "/bin/systemctl start nginx"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/example.com.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Attempting to renew cert from /etc/letsencrypt/renewal/example.com.conf produced an unexpected error: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/example.com/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
Since the cause is an outdated version of certbot, upgrading certbot will resolve the issue.
sudo apt-get update
sudo apt-get install --only-upgrade certbot
Check the version of certbot after the upgrade.
$ certbot --version
certbot 0.31.0
It seems the certbot command options have changed due to the upgrade.
For Nginx, I was able to complete the SSL certificate renewal by running the certbot command with the following options:
$ sudo certbot \\
--authenticator standalone \\
--installer nginx \\
-d example.com \\
--pre-hook "/bin/systemctl stop nginx" \\
--post-hook "/bin/systemctl start nginx"
Note that since we stop and start nginx, there will be a few seconds of downtime where Nginx cannot process requests.
If you encounter the error The requested nginx plugin does not appear to be installed, please refer to the following article for resolution:
That’s all from the Gemba, where we upgraded certbot to renew Let’s Encrypt SSL certificates.