Please help renew cert

My domain is:

I ran this command: certbot --nginx-ctl /usr/sbin/nginx renew --force-renew --quiet --nginx --renew-hook "/etc/init.d/nginx reload"

It produced this output: Attempting to renew cert ( from /etc/letsencrypt/renewal/ produced an unexpected error: None of the preferred challenges are supported by the selected plugin. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/ (failure)
1 renew failure(s), 0 parse failure(s)

My web server is (include version): nginx 1.22.0

The operating system my web server runs on is (include version): Debian 10

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.31.0

PS: crontab worked fine but this time an error occurs.
-rw-r--r-- 1 root root 1858 Jun 3 21:26 cert1.pem
-rw-r--r-- 1 root root 1862 Jun 5 02:31 cert2.pem
-rw-r--r-- 1 root root 1862 Jun 12 02:33 cert3.pem
-rw-r--r-- 1 root root 1785 Jun 19 02:36 cert4.pem
-rw-r--r-- 1 root root 1781 Jun 26 02:30 cert5.pem
-rw-r--r-- 1 root root 3750 Jun 3 21:26 chain1.pem
-rw-r--r-- 1 root root 3750 Jun 5 02:31 chain2.pem
-rw-r--r-- 1 root root 3750 Jun 12 02:33 chain3.pem
-rw-r--r-- 1 root root 3750 Jun 19 02:36 chain4.pem
-rw-r--r-- 1 root root 3750 Jun 26 02:30 chain5.pem
-rw-r--r-- 1 root root 5608 Jun 3 21:26 fullchain1.pem
-rw-r--r-- 1 root root 5612 Jun 5 02:31 fullchain2.pem
-rw-r--r-- 1 root root 5612 Jun 12 02:33 fullchain3.pem
-rw-r--r-- 1 root root 5535 Jun 19 02:36 fullchain4.pem
-rw-r--r-- 1 root root 5531 Jul 10 00:50 fullchain5.pem
-rw------- 1 root root 1704 Jun 3 21:26 privkey1.pem
-rw------- 1 root root 1708 Jun 5 02:31 privkey2.pem
-rw------- 1 root root 1708 Jun 12 02:33 privkey3.pem
-rw------- 1 root root 1704 Jun 19 02:36 privkey4.pem
-rw------- 1 root root 1708 Jun 26 02:30 privkey5.pem

configuration file:

renew_before_expiry = 30 days

version = 0.31.0
archive_dir = /etc/letsencrypt/archive/
cert = /etc/letsencrypt/live/
privkey = /etc/letsencrypt/live/
chain = /etc/letsencrypt/live/
fullchain = /etc/letsencrypt/live/

Options used in the renewal process

account = (number),
pref_challs = dns-01,
server =
authenticator = nginx
renew_hook = /etc/init.d/nginx reload
installer = nginx
nginx_ctl = /usr/sbin/nginx

Welcome to the Let's Encrypt Community, @zhaoxiasan.

You should take care to avoid the following option in your certbot commands. It isn't a magical cure for failure and can cause you to hit rate limits. It is best to not use that option.

You might want to review the Let's Debug results for your domain.


Don't use --force-renew. Seriously, don't.

Have you manually edited the renewal config file? Because it's calling for the DNS-01 challenge using the nginx authenticator, and these two don't go together--the nginx authenticator can't update your DNS records, and thus can't solve the DNS challenge. I'd expect it will work if you change pref_challs to http-01 in the renewal config file.


Thank you for the excellent opening post with all the extra information, kudo's :+1:

Next to this compliment I don't have anything to add next to the good advice my fellow volunteers already have given.


I see a whole lot of unnecessary things in that renewal request.
I'd try just:

certbot renew

[and post the output of that]


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.