AWS Apache Certificate Renewal failing


#1

I set up certbot/letsencrypt early last year and have successfully been renewing my certificates ever since (I’m using Wordpress multisite so am creating a wildcard certificate for about 20 domains). My certificates expired yesterday, so I went to renew today and just get:

Plugins selected: Authenticator apache, Installer apache

Obtaining a new certificate

Performing the following challenges:

http-01 challenge for <domain.tld 1>

http-01 challenge for <domain.tld 2>

Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.

I’ve tried a few things, but no success. Any suggestions?

AWS Linux 2018.03 with Apache


#2

The first and foremost: Don’t hide the domain name(s).
Help is most helpful when provided sufficient information to make an educated analysis…

That said, try upgrading the certbot/letsencrypt client.
[be sure port 80 can reach your server]

If that doesn’t impreove the situation, try using --webroot -w /your/site/root
[this should work without having to use the apache plugin]

If that fails, see my first suggestion.
Better yet, answer the as much as you can:

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):