Cert renewal failure

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: ubiquity2.nxtbook.com

I ran this command: sudo certbot --apache

It produced this output:
Which names would you like to activate HTTPS for?

1: pageraft.nxtbook.com
2: ubiquity2.nxtbook.com

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel):
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.

My web server is (include version): Apache/2.4.7 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 14.04.2

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.14.2

I inherited this server. It looks like the renewal worked in February. I tried to run the command below:

certbot --authenticator standalone --installer apache -d ubiquity2.nxtbook.com --pre-hook "systemctl stop apache" --post-hook "systemctl start apache"

This was the error
Failed to find executable systemctl in PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games
Unable to find pre-hook command systemctl in the PATH.
(PATH is /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games)

You should upgrade to version 0.28 or later. After that, try certbot renew again.

2 Likes

Hi @fierfek

You have a lot of older certificates, the first from 2017-10-24 15:59:18.

Looks like you have used tls-sni-01 validation; that’s no longer supported. Support ended after you created your last certificate.

CN=ubiquity2.nxtbook.com | 24.02.2019 | 25.05.2019 | 2 days expired | pageraft.nxtbook.com, ubiquity2.nxtbook.com - 2 entries

So you have (after updating your certbot) to switch to another challenge method.

Read

But good: Your port 80 is open and answers correctly.

So http-01 validation may work.

1 Like
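
A check for the two conditions raised in the replies above (a client older than 0.28, and a renewal config still pinned to tls-sni-01), as an added example that is not part of the original posts. It assumes certbot's renewal configs are in /etc/letsencrypt/renewal/ and record a pinned challenge as a `pref_challs` line; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes renewal configs live in
# /etc/letsencrypt/renewal/ and record a pinned challenge as "pref_challs = ...".

# version_ok VERSION: succeeds if VERSION is 0.28 or later (the thread's advice).
version_ok() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    [ "$major" -gt 0 ] || [ "$minor" -ge 28 ]
}

# pinned_tls_sni FILE: succeeds if the renewal config still asks for tls-sni-01.
pinned_tls_sni() {
    grep -Eq '^[[:space:]]*pref_challs[[:space:]]*=.*tls-sni-01' "$1"
}

# audit VERSION DIR: report every finding, return non-zero if any exist.
audit() {
    rc=0
    if ! version_ok "$1"; then
        echo "certbot $1 is older than 0.28: upgrade before renewing"
        rc=1
    fi
    for conf in "$2"/*.conf; do
        [ -f "$conf" ] || continue
        if pinned_tls_sni "$conf"; then
            echo "$conf: pinned to tls-sni-01, renew with --preferred-challenges http"
            rc=1
        fi
    done
    return "$rc"
}

# demo: run the audit on a constructed renewal config (sample data, not real).
demo() {
    dir=$(mktemp -d)
    printf '[renewalparams]\nauthenticator = apache\npref_challs = tls-sni-01,\n' \
        > "$dir/example.com.conf"
    audit 0.14.2 "$dir"
    found=$?
    rm -rf "$dir"
    return "$found"
}

# Real use: audit "$(certbot --version 2>&1 | awk '{print $2}')" /etc/letsencrypt/renewal
[ "${1:-}" != demo ] || demo
```

Running the script with the argument `demo` prints both findings for the constructed config; after an upgrade, `certbot renew --dry-run` confirms the renewal path without issuing a certificate.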