Non Interactive Issue : Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA


#1

Hello ,

I use the letsencrypt using github and generate certificate via following command, it was working few days ago and stopped working now, i use this script via bash script without user interaction

/opt/letsencrypt/letsencrypt-auto --non-interactive --apache --register-unsafely-without-email -d www.mywebsite.com --agree-tos


#2

#3

@Patches i am not using certbot


#4

letsencrypt-auto is another name for Certbot.


#5

I am still not figuring out what is the issue in above command :slight_smile: reading that link but i really didn’t understand cause of issue. Can you help to rewrite the above command?


#6

Hi,

The issue is TLS-SNI-01 is disabled for security reason.

Check this post: TLS-SNI challenges disabled for most new issuance

Thanks.
Steven Zhu


#7

As Steven says, the TLS-SNI-01 challenge is disabled. The --apache plugin of certbot / letsencrypt-auto currently depends on this challenge. It’s being updated so that it can use the HTTP-01 challenge instead.

If you can’t wait, you’ll have to use a different plugin for now. For example, if you want to use the webroot plugin, you should modify your command as follows:

  • change --apache to -a webroot -i apache
  • add -w /path/to/your/webroot before the -d

#8

Thanks it worked perfectly after changing --apache and adding -w path to web root


#9

Can you tell if the upgrade command can work in latest version just for confirmation

/opt/letsencrypt/letsencrypt-auto --non-interactive --agree-tos


#10

I am not sure what you mean by the upgrade command but letsencrypt-auto does still automatically update itself if that’s what you’re asking.


#11

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.