My domain is:
ethiopialearning.com
I ran this command:
sudo certbot renew --dry-run
It produced this output:
http-01 challenge for ethiopialearning.com
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
Attempting to renew cert (ethiopialearning.com) from /etc/letsencrypt/renewal/ethiopialearning.com.conf produced an unexpected error: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.. Skipping.
My web server is (include version):
nginx/1.14.0 (Ubuntu)
The operating system my web server runs on is (include version):
Ubuntu 18
My hosting provider, if applicable, is:
AWS
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No (other than DNS)
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you’re using Certbot):
0.27.0
/etc/letsencrypt/renewal/ethiopialearning.com.conf
:
# renew_before_expiry = 30 days
version = 0.27.0
archive_dir = /etc/letsencrypt/archive/ethiopialearning.com
cert = /etc/letsencrypt/live/ethiopialearning.com/cert.pem
privkey = /etc/letsencrypt/live/ethiopialearning.com/privkey.pem
chain = /etc/letsencrypt/live/ethiopialearning.com/chain.pem
fullchain = /etc/letsencrypt/live/ethiopialearning.com/fullchain.pem
# Options used in the renewal process
[renewalparams]
account = 123412341234
authenticator = nginx
installer = nginx
server = https://acme-v02.api.letsencrypt.org/directory
The www subdomain renews fine, the naked subdomain is initialized (manually), but I can’t get the naked subdomain to renew automatically.
My nginx conf:
server {
server_name ethiopialearning.com;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/ethiopialearning.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/ethiopialearning.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/ubuntu/el/src;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
}
server {
listen 80;
listen 443;
server_name 15.236.61.21 www.ethiopialearning.com *.amazonaws.com;
return 301 https://ethiopialearning.com$request_uri;
}
server {
server_name ethiopialearning.com;
listen 80;
return 301 https://ethiopialearning.com$request_uri;
}
If anything I would have thought the www
subdomain would struggle due to the 301 redirect.