Client with the currently selected authericator does not support any combination of challegnes that will satisfy the CA


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: raspipeterserver.ddns.net

I ran this command: sudo certbot --apache -d raspipeterserver.ddns.net

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.

My web server is (include version): Apache/2.4.25 (Raspbian)

The operating system my web server runs on is (include version): Raspbian/Debian Stretch

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): YES

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): NO

I also upload debug log:

2019-01-19 17:29:43,844:DEBUG:certbot.main:Root logging level set at 20
2019-01-19 17:29:43,848:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-01-19 17:29:43,851:DEBUG:certbot.main:certbot version: 0.10.2
2019-01-19 17:29:43,852:DEBUG:certbot.main:Arguments: [’–apache’, ‘-d’, ‘raspipeterserver.ddns.net’]
2019-01-19 17:29:43,855:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2019-01-19 17:29:43,856:DEBUG:certbot.plugins.selection:Requested authenticator apache and installer apache
2019-01-19 17:29:45,172:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.configurator:ApacheConfigurator
Initialized: <certbot_apache.configurator.ApacheConfigurator object at 0x73ba1630>
Prep: True
2019-01-19 17:29:45,178:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_apache.configurator.ApacheConfigurator object at 0x73ba1630> and installer <certbot_apache.configurator.ApacheConfigurator object at 0x73ba1630>
2019-01-19 17:29:45,200:DEBUG:certbot.main:Picked account: <Account(e1d30436c9086890555a55ba0807b922)>
2019-01-19 17:29:45,205:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
2019-01-19 17:29:45,224:DEBUG:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2019-01-19 17:29:45,607:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 “GET /directory HTTP/1.1” 200 658
2019-01-19 17:29:45,610:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 658
Replay-Nonce: Q6i0NV2SqEhZbnwXCVGM2OlKuHTZqfx78TSMtm4RR28
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sat, 19 Jan 2019 17:29:45 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 19 Jan 2019 17:29:45 GMT
Connection: keep-alive

{
“key-change”: “https://acme-v01.api.letsencrypt.org/acme/key-change”,
“meta”: {
“caaIdentities”: [
letsencrypt.org
],
“terms-of-service”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”,
“website”: “https://letsencrypt.org
},
“new-authz”: “https://acme-v01.api.letsencrypt.org/acme/new-authz”,
“new-cert”: “https://acme-v01.api.letsencrypt.org/acme/new-cert”,
“new-reg”: “https://acme-v01.api.letsencrypt.org/acme/new-reg”,
“revoke-cert”: “https://acme-v01.api.letsencrypt.org/acme/revoke-cert”,
“tA5TMneOI3Y”: “Adding random entries to the directory
}
2019-01-19 17:29:45,612:INFO:certbot.main:Obtaining a new certificate
2019-01-19 17:29:45,613:DEBUG:root:Requesting fresh nonce
2019-01-19 17:29:45,614:DEBUG:root:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz.
2019-01-19 17:29:45,840:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 “HEAD /acme/new-authz HTTP/1.1” 405 0
2019-01-19 17:29:45,845:DEBUG:acme.client:Received response:
HTTP 405
Server: nginx
Content-Type: application/problem+json
Content-Length: 91
Allow: POST
Replay-Nonce: ev060qgHdb1JI5UxuwCHyZJYP_Y9fzxKTIu7Losug4o
Expires: Sat, 19 Jan 2019 17:29:45 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

I am trying to set a Rpi Owncloud server. I don’t know if that is useful information.

Thank you.


#2

Hi @ManuelL67339081

you have to update your certbot:


#3

Is this the procedure to upgrade?

user@webserver:~$ wget https://dl.eff.org/certbot-auto
user@webserver:~$ chmod a+x ./certbot-auto

#4

Yes, you can switch to certbot-auto.


#5

It is simpler, at least for me, to first open stretch-backports with this:

sudo sed -i "$ a\deb http://ftp.debian.org/debian stretch-backports main" /etc/apt/sources .list

and then install certbot:

sudo apt-get update

sudo apt-get install certbot -t stretch-backports -y --force- yes

And then

sudo apt-get install python-certbot-apache -t stretch-backports

sudo certbot --apache

and it should be ready.

That’s how I solved it.


#6

Yep, there are a lot of variants to update.

Happy to hear that it works!


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.