I tried the sudo certbot --preferred-challenges http and sudo certbot --preferred-challenges dns both gives me the None of the preferred challenges are supported by the selected plugin
That particular restriction times out after one hour and then you can try again. You might want to try one of the other challenge types as @bmw described.
@schoen
yup, I tried the manual and webhook a few times. I am thinking if I am setting the directory wrong for webroot. But I forgot how I tried it already, I will give it another try after few hours.
I am currently using nginx, nodejs with pm2. So the directory is going to where my app.js is? app.js is where I use pm2 to start my service
It will write wherever you tell it the webroot is—but in order for it to work, the web server needs to be able to serve static files from within that directory (or at least for the .well-known/acme-challenge subdirectory).
I tried with option of @bmw for apache with this certbot --authenticator webroot --webroot-path /etc/letsencrypt renew
but with this it if giving issue of .well-known/acme-challenge not found.
I followed that advice but still ran into an unrelated issue. The cert required will have 4 SAN’s. The cert it is replacing currently contains sec.example.org and www.example.org. All are served from the same webroot directory as there are 5 subdomains pointing to the same content (example.org, www.example.org, sec.example.org, example.chat and www.example.chat) however I am getting an error…
Using the webroot path /var/www/secure.example.org for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.example.chat (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.example.chat/.well-known/acme-challenge/c7fDGGS943ffJ7rhEE3doJridm7fidKH7HSBdr5YThN: "
The example.chat URL is presently serving the correct content and is presenting the existing sec.example.org cert with the usual error in the browser … any suggestions?