Question regarding the actual TLS-SNI issue

My domain is:

I ran this command: ./letsencrypt-auto; after that i selected my subdomain
I already do have the cert for the main Domain.

It produced this output: “Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.”

My web server is (include version): Apache2

The operating system my web server runs on is (include version): Ubuntu 16.04 LTS

My hosting provider, if applicable, is: I have my own server at home and im using Dyndns A-Record with namecheap

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

My Question now is: Can i obtain a cert for my subdomain with any workaround? Or do i just have to wait for any bugfix? Is this a Problem of my Internet Provider or my Domain Provider, or even both?

Or is it even my fault? In the past i never had problems with this…

Please see

Since this is for a sub-domain - do you use a different account key for the sub-domain than the domain ? can you use the domain account key to obtain the certificate for the domain & subdomain ?

Do you mean the DynDNS update via ddclient? That shouldnt be a Problem because im updating via ddclient and “” is pointing on “” (CNAME Record)

How can i implement the HTTP-01 or DNS-01 challenges?
I always used ./letsencrypt-auto to this point and this uses TLS-SNI automatically right?

This thread explains what you can do with Certbot:

The next version of Certbot should work by default, using HTTP-01 with Apache.

Ok, so i just need to wait for the next update, right…
Is ./letsencrypt-auto = certbot, or is that another method to obtain certs?
Im just asking this because the “certbot” command is not found on my machine. I tried to execute it while in /etc/letsencrypt

Yes. The project was renamed from “letsencrypt” to “Certbot”, but letsencrypt-auto/certbot-auto operates, and automatically upgrades itself, regardless of what the program is named.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.