Error while creating ssl

Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.

Welcome @sobhan74

We need more info than that to give advice. Most importantly, what command did you try that resulted in that error?

When you posted in this Help topic you were shown a form. Please answer the questions as best you can.

===================================

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

4 Likes

It looks like @sobhan74 tried to acquire a wildcard certificate using an HTTP-01 challenge rather than a DNS-01 challenge.

1 Like

@griffin If I understand the error message correctly, it's due to trying to do the dns-01 challenge, but by selecting a plugin which can only do the http-01 challenge. But without more information, it's rather an educated guessing game :wink: By the way, what I said can easily be due to what you said :stuck_out_tongue:

2 Likes

Your assessment is absolutely correct, @Osiris. I suspect usage of either --apache or --nginx, which only provide authentication via HTTP-01 challenge rather than the necessary DNS-01 challenge for obtaining a wildcard certificate.

https://eff-certbot.readthedocs.io/en/stable/using.html#dns-plugins

3 Likes