Renew certificate issue "tls: handshake failure" (Solved with solution)


My domain is: …etc

I ran this command: sudo certbot --authenticator standalone --installer nginx -d --pre-hook "service nginx stop" --post-hook "service nginx start"

It produced this output: Failed authorization procedure. (tls-sni-01): urn:acme:error:tls :: The server experienced a TLS error during domain verification :: remote error: tls: handshake failure

My web server is (include version): Nginx

The operating system my web server runs on is (include version): Ubuntu 16.04

My hosting provider, if applicable, is: DigitalOcean, Cloudflare

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

I’ve researched that it has something to do with Cloudflare and I need to use the http-01 challenge instead. How can I do that? I’m a web developer and there’s no server admin here. I just find my way around and get everything working, but now the certificate has expired and I can’t renew it. The command above used to work fine the last time I renewed my certificate, but not this time.


I followed the guide below that I found on the internet:



certbot --nginx -d -d -d \
--preferred-challenges http

