None of the preferred challenges are supported by the selected plugin

I'm strictly following the instruction to get a certificate using let'sEncript and certbot in the site https://certbot.eff.org/lets-encrypt/ubuntufocal-nginx

The full process hangs when I try to create a certificate.
Please help. Thank you.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: *.pikeen.com

I ran this command: sudo certbot --nginx

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): admin@kebratech.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
Account registered.
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): *.pikeen.com
Requesting a certificate for *.pikeen.com
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): node v14.17.6

The operating system my web server runs on is (include version):

|Distributor ID:|Ubuntu|
|---|---|
|Description:|Ubuntu 20.04.3 LTS|
|Release:|20.04|
|Codename:|focal|

My hosting provider, if applicable, is: AWS EC2

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.19.0

2 Likes

The nginx plugin does not support the dns-01 challenge (only the http-01 challenge) which is required for getting a Let's Encrypt wildcard certificate.

If you go to the "Wildcard" tab on the instructions you've linked above (i.e.: Certbot - Ubuntufocal Nginx) you'd see instructions implementing the dns-01 challenge.

2 Likes

Welcome to the Let's Encrypt Community, Paolo :slightly_smiling_face:

Do you specifically need a wildcard (*.) certificate?

If not, try this:

sudo certbot --nginx -d "pikeen.com,www.pikeen.com"

If so, try this:

sudo certbot -a manual --preferred-challenges dns -d "pikeen.com,*.pikeen.com" -i nginx

2 Likes