i have 4 domain names pointing to OwnCloud, prior to today i could simple run certbot renew (they were set to renew automatically anyway) and it would be fine.
I’ve logged into our server due to users getting certificate warnings, on investigation it looks like it didn’t renew them. After researching it looks like the certbot was well out of date and wanted to use a new auth challenge.
First step was to get Debian (Jessie) fully updating (i had to change the repo to archive), once that was all up to date i used certbot-auto to update the certbot.
Now when i run certbot and it asks me to which domains i would like to renew the following happens;
if i select 1 domain, it renews the cert fine, but fails to force HTTPS. From a web browser it’s fine and there are no warnings. Other domains give me a mismatch security warning.
if i select all domains, they all update, none of them work as i get the mismatch warning.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
I'm guessing this is remembering the existing config using the old auth style?
Using certbot --apache --preferred-challenges http
Results in "None of the preferred challenges are supported by the selected plugin
"