Failed to renew certificate: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA

You cannot issue or renew wildcard certificates using the --nginx authenticator. The nginx authenticator only supports the HTTP challenge.

For any certificate which includes wildcard domains, you must use the DNS challenge (https://letsencrypt.org/docs/challenge-types/).

If you do not really need a wildcard, consider just listing each of your domains, as it will make your life much simpler.

Otherwise, you will need to find a way to use the DNS challenge. Certbot does not support reg.ru, so it does not support automatically renewing certificates with wildcard domains that have their DNS hosted with reg.ru. You would have to do it manually, i.e.

certbot renew --manual --preferred-challenges dns

There are other ACME clients available that may be able to support wildcards and automated renewal workflow with reg.ru. acme.sh is one: https://github.com/acmesh-official/acme.sh/wiki/dnsapi#81-use-regru-api

1 Like