Renew certificate error

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: journohq.com

I ran this command:
certbot certonly --apache --apache --force-renewal -d journohq.com
certbot certonly --force-renew -d journohq.com

It produced this output:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.

My web server is (include version): Apache (Ubuntu)

The operating system my web server runs on is (include version): Linux

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No (AWS)

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.17.0

Hi @samir_journo

you have a lot of old Letsencrypt certificates ( https://check-your-website.server-daten.de/?q=journohq.com#ct-logs ):

First: 2017-09-14 06:28:00

Your Certbot is very old. Looks like you have used tls-sni-01 validation, that's no longer supported.

So first update your Certbot.

Your certificate doesn't have a wildcard:

CN=journohq.com | 09.02.2019 | 10.05.2019 | 1 days expired | journohq.com, www.journohq.com - 2 entries

so dns-01 validation isn't required, http-01 validation should work.

If you can't update your certbot, switch to Certbot-Auto.

Your main configuration is ok:

| Domainname | Http-Status | redirect | Sec. | G | |
|---|---|---|---|---|---|
| http://journohq.com/ 34.234.80.89 | 301 | https://journohq.com/ | 0.210 | A | |
| http://www.journohq.com/ 34.234.80.89 | 301 | https://www.journohq.com/ | 0.213 | A | |
| https://journohq.com/ 34.234.80.89 | 301 | https://www.journohq.com/ | 1.960 | N | Certificate error: RemoteCertificateChainErrors |
| https://www.journohq.com/ 34.234.80.89 | 200 | | 1.183 | N | Certificate error: RemoteCertificateChainErrors |
| http://journohq.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 34.234.80.89 | 301 | https://journohq.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 0.210 | A | Visible Content: Moved Permanently The document has moved here . Apache/2.4.18 (Ubuntu) Server at journohq.com Port 80 |
| http://www.journohq.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 34.234.80.89 | 301 | https://www.journohq.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 0.214 | A | Visible Content: Moved Permanently The document has moved here . Apache/2.4.18 (Ubuntu) Server at www.journohq.com Port 80 |
| https://journohq.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 301 | https://www.journohq.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 0.890 | N | Certificate error: RemoteCertificateChainErrors. Visible Content: Moved Permanently The document has moved here . Apache/2.4.18 (Ubuntu) Server at journohq.com Port 443 |
| https://www.journohq.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 404 | | 0.906 | N | |

Port 80 is open and answers, redirects http -> https, checking a file in /.well-known/acme-challenge there is the expected result http status 404 - Not Found.

So webroot should work.
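An added example, not part of the original posts: a small Python check that applies Let's Encrypt's documented http-01 redirect rules (at most 10 redirects, only http/https targets on ports 80 or 443, no IP-address targets, certificates not verified while following redirects) to an observed redirect chain like the one in the table above. The function name, the shortened probe path and the sample chain are constructed for illustration.

```python
from ipaddress import ip_address
from urllib.parse import urlsplit

MAX_REDIRECTS = 10                      # validator follows at most 10 redirects
DEFAULT_PORT = {"http": 80, "https": 443}
REDIRECTS = {301, 302, 303, 307, 308}

def _is_ip(host):
    try:
        ip_address(host)
        return True
    except ValueError:
        return False

def http01_verdict(hops):
    """hops: observed (url, status, absolute Location or None) tuples, in order.
    Certificate errors on https hops are deliberately not an input: the
    validator does not verify certificates while following redirects."""
    if not hops:
        return False, "no answer on port 80"
    start = urlsplit(hops[0][0])
    if start.scheme != "http" or (start.port or 80) != 80:
        return False, "check must start at http:// on port 80"
    if len(hops) - 1 > MAX_REDIRECTS:
        return False, "more than 10 redirects"
    for url, status, location in hops[:-1]:
        if status not in REDIRECTS or not location:
            return False, f"{url}: chain continues without a redirect"
        target = urlsplit(location)
        if target.scheme not in DEFAULT_PORT:
            return False, f"{url}: redirect to unsupported scheme"
        if (target.port or DEFAULT_PORT[target.scheme]) not in (80, 443):
            return False, f"{url}: redirect to a port other than 80/443"
        if not target.hostname or _is_ip(target.hostname):
            return False, f"{url}: redirect to an IP address or missing host"
    url, status, _ = hops[-1]
    if status == 404:   # nonexistent probe file: the result the post expects
        return True, "probe reaches the web server; http-01 / webroot is plausible"
    return False, f"{url}: final status {status}, investigate before renewing"

# Constructed from the rows of the check above (probe path shortened to "probe").
P = "/.well-known/acme-challenge/probe"
SAMPLE = [
    ("http://journohq.com" + P, 301, "https://journohq.com" + P),
    ("https://journohq.com" + P, 301, "https://www.journohq.com" + P),
    ("https://www.journohq.com" + P, 404, None),
]

if __name__ == "__main__":
    print(http01_verdict(SAMPLE))
```

The expired certificate reported on the https rows does not change the verdict, which is why the renewal can still succeed over http-01 while the site itself shows certificate errors.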

@JuergenAuer
Thanks for the quick response.

I switched to Certbot-Auto. Can you recheck it and confirm everything is set up correctly now after switching to auto?

Thanks for the support!

There is a new check of your domain - https://check-your-website.server-daten.de/?q=journohq.com

Now you have a new Letsencrypt certificate:

CN=journo.app-server.net | 11.05.2019 | 09.08.2019 | expires in 90 days | admin.journohq.com, api.journohq.com, journo.app-server.net, journohq.com, jrno.co, pma.journohq.com, service.journohq.com, www.journohq.com, www.jrno.co - 9 entries

so both connections are secure.

There is one wrong entry - Html Content check:

meta | og:url | http://gph.is/1JL3eBJ | 1 | mixed

That's http, not https. But your preferred version is www, so that attribute should have the value

https://www.journohq.com/

the canonical url of that content.
