Error message when following "How to stop using TLS-SNI-01 with Certbot"

I’m in a pickle. As I see has happened to many people, our digital certificate expired. In our case, however, our one IT person has been way out of town since before it happened (basically “off the grid”). I’m trying to figure this out so we can have our website back as quickly as possible but don’t even know where to look for some of the information needed. Any advice you would have would be greatly appreciated. Thank you!

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: saron.org

I ran this command: sudo certbot renew --dry-run

It produced this output:

root@saron:~# sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/saron.org.conf

Cert is due for renewal, auto-renewing…
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Attempting to renew cert from /etc/letsencrypt/renewal/saron.org.conf produced an
Unexpected error: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. . Skipping.
** DRY RUN: simulating 'certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/saron.org/fullchain.pem (failure)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)
1 renew failure(s), 0 parse failure(s)
root@saron:~#
root@saron:~# _

My web server is (include version): unknown (Digital Ocean?)

The operating system my web server runs on is (include version): unknown

My hosting provider, if applicable, is: That might be DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know): I think so, at least the “command prompts” in the above output said “root”.

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): ??

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): ??

Hi @slcadmin

there are a lot of older certificates ( https://check-your-website.server-daten.de/?q=saron.org#ct-logs ):

First from 2017-02-15 06:23:00, last from 2019-03-09 10:25:15.

Looks like you have used tls-sni-01 validation, that's no longer supported (ended ~2019-03-15).

So you have to switch to another validation method.

But first you should update your Certbot.

Start there:

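A read-only check that goes with the reply above, added here as an example and not part of the original thread or of Certbot itself: it lists the renewal configs that still name tls-sni-01, which is the situation that produces the "does not support any combination of challenges" error. It assumes Certbot's INI-style renewal files and the `pref_challs` and `standalone_supported_challenges` keys written by older Certbot versions; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit Certbot renewal configs for tls-sni-01 pins.
# Read-only: nothing under the renewal directory is modified.

# Print the value of KEY from a renewal config ("key = value" lines).
# usage: conf_value FILE KEY
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# For every *.conf under DIR that still pins tls-sni-01, print one line:
#   FILE<TAB>authenticator<TAB>offending-key
# Prints nothing when no config references the retired challenge.
# usage: audit_renewal_dir DIR
audit_renewal_dir() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        auth=$(conf_value "$f" authenticator)
        # Keys assumed to be where older Certbot versions recorded the challenge.
        for key in pref_challs standalone_supported_challenges; do
            case "$(conf_value "$f" "$key")" in
                *tls-sni-01*)
                    printf '%s\t%s\t%s\n' "$f" "${auth:-unset}" "$key"
                    ;;
            esac
        done
    done
}

# Stand-alone use: audit the directory given as $1, or the default path
# seen in the output above (/etc/letsencrypt/renewal) when it exists.
dir=${1:-/etc/letsencrypt/renewal}
if [ -d "$dir" ]; then
    audit_renewal_dir "$dir"
fi
```

Run it as root, since the renewal directory is normally not world-readable; any line it prints names a config to fix after updating Certbot, and `certbot renew --dry-run` then confirms the result.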

Thank you for that. I believe I can answer the System question with confidence (Web Hosting System) but the first drop down menu… I am not sure what software.

I found someone to guide me through and resolved the issue. Thank you again.
