Authenticator does not support any challenages


#1

I was following the steps here to setup certbot on my ubuntu 16.04

up to the command

sudo certbot --nginx

then I get to choose the domain that I would like to active https for and after selecting…I get the error below.

What does this error actually means though?

Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.

Does anyone has idea? Thanks a lot


#2

I just had the same issue … was working fine earlier … LE server issue perhaps?


#3

This is likely due to an incident in progress with Let’s Encrypt: http://letsencrypt.status.io/

Once it has been closed, Certbot should continue to work properly.

You could try to specify the http-01 or dns-01 challenges in the meantime: https://certbot.eff.org/docs/using.html#getting-certificates-and-choosing-plugins


#4

I tried the sudo certbot --preferred-challenges http and sudo certbot --preferred-challenges dns both gives me the None of the preferred challenges are supported by the selected plugin


#5

I just wrote some advice about working around this with Certbot here which people should hopefully find helpful.


#6

guess I have tried the first two options too many times now I am having errors for too many requests


#7

That particular restriction times out after one hour and then you can try again. You might want to try one of the other challenge types as @bmw described.


#8

@schoen
yup, I tried the manual and webhook a few times. I am thinking if I am setting the directory wrong for webroot. But I forgot how I tried it already, I will give it another try after few hours.

I am currently using nginx, nodejs with pm2. So the directory is going to where my app.js is? app.js is where I use pm2 to start my service


#9

It will write wherever you tell it the webroot is—but in order for it to work, the web server needs to be able to serve static files from within that directory (or at least for the .well-known/acme-challenge subdirectory).


#10

I tried with option of @bmw for apache with this certbot --authenticator webroot --webroot-path /etc/letsencrypt renew
but with this it if giving issue of .well-known/acme-challenge not found.


#11

Afaik you must specify you web root of your domain, eg:

/var/www/html/yourdomain.com

Because, it will generate .well-known/acme-challenge file.


#12

I followed that advice but still ran into an unrelated issue. The cert required will have 4 SAN’s. The cert it is replacing currently contains sec.example.org and www.example.org. All are served from the same webroot directory as there are 5 subdomains pointing to the same content (example.org, www.example.org, sec.example.org, example.chat and www.example.chat) however I am getting an error…

Using the webroot path /var/www/secure.example.org for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.example.chat (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.example.chat/.well-known/acme-challenge/c7fDGGS943ffJ7rhEE3doJridm7fidKH7HSBdr5YThN: "

404 Not Found

404 Not Found


"

IMPORTANT NOTES:

The example.chat URL is presently serving the correct content and is presenting the existing sec.example.org cert with the usual error in the browser … any suggestions?


#13

posts from

Also, the github post provided from @bmw has the same command too

the command

certbot --authenticator standalone --installer nginx -d example.com --pre-hook “service nginx stop” --post-hook “service nginx start”

worked for me.

Thanks a lot


#14

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.