Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA

Hello, I am in new on Let’s encrypt, and the cron in charge of cerbot gives error.
I think my cerbot package is maybe out of date, maybe upadtes problems with packports.
Anyway, that is my situation :

My domain is:
www.conservatoirevegetal.com

I ran this command:

root test -x /usr/bin/certbot -a ! -d /run/systemd/system && perl -e ‘sleep int(rand(3600))’ && certbot -q renew

It produced this output:

Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA

My web server is (include version):

Apache 2.4.10

The operating system my web server runs on is (include version):

Debian Jessie 8.11

My hosting provider, if applicable, is:

console.online.net

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
I don’t know how to find that …

you can find your certbot version by issuing the command
certbot --version
as stated in the help template :slight_smile:

I guess you are hit by the tls-sni deprecation

I think that in this case you have to issue a new request to letsencrypt and certbot should switch to http-01. If you don’t know how to do that you could post your /etc/letsencrypt/renewal/www.conservatoirevegetal.com.conf and it could be possible to figure out the correct command line from there.
Note: I don’t know if the account is considered confidential data but it’s all right to remove it before posting the file, it’s not used to request a new certificate.
Also it could be a great occasion to add at least the plain URL (not www) on your certificate so that accessing by https://conservatoirevegetal.com works as well - the guy who did setup this for you was not a fervent partisan of excessive effort that’s clear :slight_smile:

Hello Gpatel-fr,

Thanks, I found out and yes it was the switch to http-01 … because of cerbot update (not working on jessie backports).
So my steps was :slight_smile:

Everything is ok.
I need know to understand the cron, and modify.
Thanks for the advice about www.

certbot-auto works just as well with cron, you just have to take care of the path (as always with cron). Just verified: in my cron I set the full path. Something like

0 7 * * * /path/to/certbot-auto renew --noninteractive

I admit that I did not care to add the random sleep - yes I should have done so.

Hello, I have changed the path in the cron, but I do not understand what is the “test” :

root test -x /usr/local/bin/certbot-auto -a ! -d /run/systemd/system && perl -e ‘sleep int(rand(3600))’ && certbot-auto -q renew

So when I run the cron I have errors

Hi @1formanet

please share the output. And remove the -q option, that’s “silent”, so errors aren’t visible.

root is not part of the command, it's just the user running the command
-x /usr/local/bin/certbot-auto ==> test if certbot-auto is executable
-a ==> operator AND
- ! -d /run/systemd/system ==> test if systemd is managing the computer

so: the following is executed if certbot is executable and there is no systemd.
Systemd can be used with certbot install procedure to setup a systemd timer that is running certbot instead of cron. If you have uninstalled system certbot, you have to check that the systemd timer has been removed by running

systemctl list-timers

if there is a timer active, it will try to run the old certbot and your crontab will not run.
I guess that is not happening since your cron has errors (if it did not run it would not display errors I guess). Remove the -a ! -d /run/systemd/system anyway.
Something troubling is that you are testing for existence of certbot-auto at a specific path but you are not using it to launch it.
If you add the path for launching certbot-auto, remove the -q option as said by @JuergenAuer

Oh great informations, @gpatel-fr and @JuergenAuer I was lost.

So I go to check paths, timers and remove q, and say you the final result