Certbot 0.28 - Still getting "Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS." error

NOTE: I did do a Google search and I found this: https://community.letsencrypt.org/t/49983. As I said in the title, I have the latest version, and I don’t have nginx.

My domain is: http://www.screech.xyz (I’m poor okay?)

My web server is: apache

The operating system my web server runs on is: Debian 9

My hosting provider is: OVH

I can login to a root shell on my machine: Yes

This is the log of me verifying I’m on the newest version AND getting the error:

root@vps218353:~# sudo apt-get upgrade python-certbot-apache
Reading package lists... Done
Building dependency tree
Reading state information... Done
python-certbot-apache is already the newest version (0.28.0-1~bpo9+1).
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
root@vps218353:~# sudo apt-get full-upgrade python-certbot-apache
Reading package lists... Done
Building dependency tree
Reading state information... Done
python-certbot-apache is already the newest version (0.28.0-1~bpo9+1).
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
root@vps218353:~# sudo certbot -a certbot-dns-cloudflare -a apache -d "*.screech.xyz" -d screech.xyz --server https://acme-v02.api.letsencrypt.org/directory
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
root@vps218353:~#

I’ve also tried certbot-dns-ovh, to no avail. What am I doing wrong?

You can find the correct syntax for using the Cloudflare DNS authenticator here: https://certbot-dns-cloudflare.readthedocs.io/en/stable/

If you use the -a option twice, it will only use the last one. Therefore, certbot never used the DNS plugin. You should use only one -a for the authenticator plugin. If you use a DNS plugin as authenticator, you might want to use -i apache to select the Apache plugin as installer plugin.

Also, you might want to consider just using the Apache plugin without the DNS authenticator, but with --preferred-challenges http as option.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.