Sorry to be very short but I'm limited as a new user.
My domain is: support.posper.de and shop.tassenregal.com
./certbot-auto renew --dry-run fails with /support.posper.de.conf produced an unexpected error: Failed authorization procedure. support.posper.de (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain
My web server is (include version): Apache 2.2.22
Situation:
I have 2 domains running on a server using SNI, call this server 'sni'. Port 443 is forwarded directly to this server.
Port 80 is forwarded to a different server, call it 'proxy' which performs a Redirect permanent to https://support.posper.de and https://shop.tassenregal.com accordingly.
This setup works very well.
In order to obtain the certificates I had to
- temporarily shutdown apache on the 'sni' server
- temporarily forward port 80 to the 'sni' server
- get the certificates with ./certbot-auto certonly --standalone --email hans.artmann@arcasys.com -d support.posper.de and
- ./certbot-auto certonly --standalone --email hans.artmann@arcasys.com -d shop.tassenregal.com
which worked like a charm and, as said, the setup described above also works.
However, any attempt to make a dry-run renewal fails. Why it fails seems to be clear for the example above, but I tried a couple more options like using --preferred-challenges tls-sni-01 and nothing worked.
The latter produced a message like this:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Attempting to renew cert (shop.tassenregal.com) from /etc/letsencrypt/renewal/shop.tassenregal.com.conf produced an unexpected error: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.. Skipping.
I got stuck here because performing the configuration changes like for creation for every renewal attempt is a no-go. Does anyone have an idea how to solve this?
Thank you.