The following certs could not be renewed

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
ventisecondi.it

I ran this command:
sudo certbot renew --dry-run

It produced this output:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.

Attempting to renew cert (ventisecondi.it) from /etc/letsencrypt/renewal/ventisecondi.it.conf produced an unexpected error: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA… Skipping.

All renewal attempts failed. The following certs could not be renewed:

/etc/letsencrypt/live/ventisecondi.it/fullchain.pem (failure)

My web server is (include version):
Apache

The operating system my web server runs on is (include version):
Ubuntu 16.04

My hosting provider, if applicable, is:
DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.19.0-1+ubuntu16.04.1+certbot+1

Hi @manlioma

your certbot is too old. First update your certbot.

You have a lot of old certificates ( https://check-your-website.server-daten.de/?q=ventisecondi.it#ct-logs ):

CRT-Id Issuer not before not after Domain names LE-Duplicate next LE
1233348183 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2019-02-23 22:50:46 2019-05-24 21:50:46 ventisecondi.it, www.ventisecondi.it
2 entries
1057636342 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2018-12-25 22:31:11 2019-03-25 22:31:11 ventisecondi.it, www.ventisecondi.it
2 entries
894397267 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2018-10-26 21:05:31 2019-01-24 22:05:31 ventisecondi.it, www.ventisecondi.it
2 entries
756946268 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2018-08-27 21:39:03 2018-11-25 22:39:03 ventisecondi.it, www.ventisecondi.it
2 entries
566557789 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2018-06-28 21:33:59 2018-09-26 21:33:59 ventisecondi.it, www.ventisecondi.it
2 entries
430514678 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2018-04-29 21:06:39 2018-07-28 21:06:39 ventisecondi.it, www.ventisecondi.it
2 entries
344299974 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2018-02-28 22:08:28 2018-05-29 21:08:28 ventisecondi.it, www.ventisecondi.it
2 entries
291747389 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2017-12-30 12:20:57 2018-03-30 11:20:57 ventisecondi.it, www.ventisecondi.it
2 entries
264765321 CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US 2017-11-26 16:56:43 2018-02-24 16:56:43 ventisecondi.it, www.ventisecondi.it
2 entries

Looks like you have used tls-sni-01 validation, that's not longer supported. And your too old certbot may only support that validation method.

But your configuration looks ok:

Port 80 is open and answers with the expected http status 404 - Not Found checking a file in /.well-known/acme-challenge/random-filename.

So --apache or --webroot should work.

2 Likes

Hello, i have upgrade certbot, then I ran this command:

sudo certbot renew --dry-run

(no errors)

then to reload I tried:
sudo service apache2 reload

and sudo service apache2 restart

When I click on my certificate it again says that expires on 25 may 2019

What I have to do no?

thank you

1 Like

Run it without dry-run.

dry-run creates a test certificate and doesn't install it (because it's not valid).

But if --dry-run works, it should work without --dry-run.

Done! thank you very much for your support!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.