Cannot get final cert, staging OK

Cannot move with certificate from test to final. I have an Ubuntu 18.04 hosting multiple domains. All worked well with one domain (single hostname), now I struggle with the other one.

Tried the following command:
certbot certonly --staging -a webroot -w /var/www/html/agsten-online.de -d agsten-online.de -d www.agsten-online.de -d mx.agsten-online.de -d imap.agsten-online.de

This was working with result:
Congratulations! Your certificate and chain have been saved at …

But now I only have a faked CA, which results in errors with browsers, etc.

Next step I wanted to create the final cert using:
certbot certonly -a webroot -w /var/www/html/agsten-online.de -d agsten-online.de -d www.agsten-online.de -d mx.agsten-online.de -d imap.agsten-online.de

This failed with error:
Renewing an existing certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.

I have no idea why the final cert fails when staging works. The logfile does not give me any hint.

Thanks for any help!

1 Like
certbot --version
grep -Ri pref_challs /etc/letsencrypt
2 Likes

certbot --version

certbot 0.27.0

grep -Ri pref_challs /etc/letsencrypt

does not produce any output

Upgrade to 0.31.0 or newer. It’s this bug: https://github.com/certbot/certbot/issues/5342.

It occurs when you do the domain validation process via DNS challenges, and then switch to the HTTP challenge.

If you install Certbot from the Ubuntu PPA (https://certbot.eff.org/lets-encrypt/ubuntubionic-other), you will get a version with the bugfix in it.

4 Likes
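
A preflight check built from the two diagnostics and the fix version given in this thread, as an added example that is not part of the original posts or of Certbot. The function names are made up for this example, and it assumes plain dotted version numbers such as the "certbot 0.27.0" output shown above.

```shell
#!/bin/sh
# Added example (not from the thread): run before switching from --staging
# to a production request with a different authenticator.

FIXED_VERSION="0.31.0"   # first release with the fix, per the reply above

# version_lt A B: succeeds when dotted version A is strictly older than B.
# Fields are compared numerically, so 0.9.3 sorts before 0.31.0.
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" \
        | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)" = "$1" ]
}

# parse_certbot_version LINE: extract "0.27.0" from "certbot 0.27.0".
parse_certbot_version() {
    printf '%s\n' "$1" | sed -n 's/^certbot \([0-9][0-9.]*\).*$/\1/p'
}

# certbot_verdict LINE: print "upgrade", "ok" or "unknown".
certbot_verdict() {
    ver=$(parse_certbot_version "$1")
    if [ -z "$ver" ]; then
        echo "unknown"
    elif version_lt "$ver" "$FIXED_VERSION"; then
        echo "upgrade"
    else
        echo "ok"
    fi
}

# pinned_challenges DIR: list files under DIR that set pref_challs
# (the same search as the grep command asked for in the thread).
pinned_challenges() {
    grep -Rli 'pref_challs' "$1" 2>/dev/null || true
}

# Only query the real installation when certbot is present.
if command -v certbot >/dev/null 2>&1; then
    echo "certbot: $(certbot_verdict "$(certbot --version 2>&1)")"
    pinned_challenges /etc/letsencrypt
fi
```

An "upgrade" verdict with no pref_challs files listed matches the situation reported in this thread (0.27.0, empty grep output).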

That solved the problem. Thank you very much for the quick help!

2 Likes
