Certbot new install failure / How to use Let's Encrypt Digital Ocean generated certificate

My domain is: www.cytojer.com 167.99.174.180

I ran this command: sudo certbot certonly --standalone --preferred-challenges tls-sni -d cytojer.com

It produced this output:
Obtaining a new certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.

IMPORTANT NOTES:

  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obta

My web server is (include version):

Digital Ocean

The operating system my web server runs on is (include version):
Ubuntu 18.04.3 LTS x64

My hosting provider, if applicable, is:

Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know):

Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

WordPress dashboard v 5.4.1

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.31.0


I generated a free Digital Ocean Let’s Encrypt SSL certificate.
I am wondering how this already generated Let’s Encrypt certificate can
be used to install Certbot on my Virtual Private Server running WordPress.

Thank you very much.

Hi @plsdontchngme,

If you've already generated a certificate, then Certbot is probably not relevant to you and you probably don't need to use it at all. The main purpose of Certbot is for generating certificates, but it's not the only tool available for that purpose.

Instead, you might want to look at documentation for your web server and hosting environment to figure out how to install the existing certificate, which might be done by editing configuration text files, or by using a hosting control panel of some kind. Perhaps Digital Ocean's support could help you with this if you've used Digital Ocean-provided tools.

This error happened because the tls-sni method, which you requested with --preferred-challenges tls-sni, was disabled a couple of years ago due to a security problem with this method in certain shared hosting environments (in which one shared hosting customer could potentially have used it to request certificates for a different customer's site). If you conclude that Certbot is appropriate for what you want to do, you'll need to run it without --preferred-challenges tls-sni in order to get rid of this error message!

Thank you very much. I will do that.
