Ubuntu 18.0.4, nginx: Client with the currently selected authenticator does not support any combination…

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: belgavox.nl

I ran this command:

 sudo certbot certonly -d belgavox.nl -d *.belgavox.nl --nginx -v

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Requesting a certificate for belgavox.nl and *.belgavox.nl
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): nginx/1.14.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18.0.4

My hosting provider, if applicable, is: Snel

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.16.0


I tried to fix the problem, but simply can't.

I visited:

I tried everything mentioned on those sites, but it does not work for me.


Logfile:

2021-06-30 11:30:11,628:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2021-06-30 11:30:12,007:DEBUG:certbot._internal.main:certbot version: 1.16.0
2021-06-30 11:30:12,008:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/1201/bin/certbot
2021-06-30 11:30:12,008:DEBUG:certbot._internal.main:Arguments: ['-d', 'belgavox.nl', '-d', '*.belgavox.nl', '--nginx', '--preconfigured-renewal']
2021-06-30 11:30:12,008:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-06-30 11:30:12,024:DEBUG:certbot._internal.log:Root logging level set at 30
2021-06-30 11:30:12,027:DEBUG:certbot._internal.plugins.selection:Requested authenticator nginx and installer nginx
2021-06-30 11:30:12,165:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: nginx = certbot_nginx._internal.configurator:NginxConfigurator
Initialized: <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f716cea8490>
Prep: True
2021-06-30 11:30:12,167:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: nginx = certbot_nginx._internal.configurator:NginxConfigurator
Initialized: <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f716cea8490>
Prep: True
2021-06-30 11:30:12,167:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f716cea8490> and installer <certbot_nginx._internal.configurator.NginxConfigurator object at 0x7f716cea8490>
2021-06-30 11:30:12,167:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator nginx, Installer nginx
2021-06-30 11:30:12,178:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/89378066', new_authzr_uri=None, terms_of_service=None), e6cd242557e0a1cb84de9918dfddf6f4, Meta(creation_dt=datetime.datetime(2020, 6, 21, 9, 51, 40, tzinfo=<UTC>), creation_host='srv01.ratis.ci', register_to_eff=None))>
2021-06-30 11:30:12,179:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-06-30 11:30:12,181:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2021-06-30 11:30:12,743:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2021-06-30 11:30:12,743:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 30 Jun 2021 09:30:12 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "NhVKXxMj0s8": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-06-30 11:30:12,744:DEBUG:certbot.display.util:Notifying user: Requesting a certificate for belgavox.nl and *.belgavox.nl
2021-06-30 11:30:12,884:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): /etc/letsencrypt/keys/0015_key-certbot.pem
2021-06-30 11:30:12,891:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0015_csr-certbot.pem
2021-06-30 11:30:12,892:DEBUG:acme.client:Requesting fresh nonce
2021-06-30 11:30:12,892:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-06-30 11:30:13,038:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-06-30 11:30:13,038:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 30 Jun 2021 09:30:12 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0004oyo3jBkpu8-i73upu8GwAFsugNG2WXsw_40I2qBVm_M
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2021-06-30 11:30:13,039:DEBUG:acme.client:Storing nonce: 0004oyo3jBkpu8-i73upu8GwAFsugNG2WXsw_40I2qBVm_M
2021-06-30 11:30:13,039:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "belgavox.nl"\n    },\n    {\n      "type": "dns",\n      "value": "*.belgavox.nl"\n    }\n  ]\n}'
2021-06-30 11:30:13,042:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvODkzNzgwNjYiLCAibm9uY2UiOiAiMDAwNG95bzNqQmtwdTgtaTczdXB1OEd3QUZzdWdORzJXWHN3XzQwSTJxQlZtX00iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "tg01cpR3Xg6PR1KhVMzdIVGR5e4pavJrBmHTzgjFgH3bQVrxexEAKANQVqlw7hFMGLybp0fOOm7ulBdJ6SPnYqk7EA7FqgOL5Tg8YZs9lwCE4RxwYM2G-DdKfgtCERD3DMRSN9mFOANgtFQyxyJLBm62Fg2fyPuho0r8nZDV9sKyVQ9Iri047MUWo6nEJu41b4bOOnmTtCpUAVmhbci8VJ18oLz91jnxq-2KJ5nIbx1LMTmrYx5R3uwxI8S1WpgAkMWjj6Q09MAHzmXPiXbEo1I3hy8_rNm3WzFubdBRFAPL0gj42I5y5--W4Z_sn4kdg2jMZJU-Rn2YUbzJMw3n3g",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImJlbGdhdm94Lm5sIgogICAgfSwKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIiouYmVsZ2F2b3gubmwiCiAgICB9CiAgXQp9"
}
2021-06-30 11:30:13,199:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 468
2021-06-30 11:30:13,200:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Wed, 30 Jun 2021 09:30:13 GMT
Content-Type: application/json
Content-Length: 468
Connection: keep-alive
Boulder-Requester: 89378066
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/89378066/10748161877
Replay-Nonce: 0004vGZ8g8LHsb6GffgUQJHSS-2-mLVxGC4nOK141XJQFzg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2021-07-07T08:41:07Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "*.belgavox.nl"
    },
    {
      "type": "dns",
      "value": "belgavox.nl"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/14415429834",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/14415429838"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/89378066/10748161877"
}
2021-06-30 11:30:13,200:DEBUG:acme.client:Storing nonce: 0004vGZ8g8LHsb6GffgUQJHSS-2-mLVxGC4nOK141XJQFzg
2021-06-30 11:30:13,201:DEBUG:acme.client:JWS payload:
b''
2021-06-30 11:30:13,204:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/14415429834:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvODkzNzgwNjYiLCAibm9uY2UiOiAiMDAwNHZHWjhnOExIc2I2R2ZmZ1VRSkhTUy0yLW1MVnhHQzRuT0sxNDFYSlFGemciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzE0NDE1NDI5ODM0In0",
  "signature": "vptVSVdgfvavKBGGBU1SPTbT0VJdOsovPTctF0m7x8fSeECoBlQDSKOiRdf6CzL60pkCd6HTbe2bjk66oAGhBT89NFtgedjez5KHOkyvBO1dJ27IiiqB9EoDycyztlKvxV50_rZ4qthDS8aM9CYE_qppAs-ERSJDRR0ch22CCA_eQzj7TAHhNrpj8Zl5L447Iefx6rQevLOdDaodDGmDhmOtJpV5yw5DvwlmhZxXOM6aD_OxzPDSDo52QOseBduGXz4Wy1F_DRo8l14zj73njXPNJMvcbC8g7AMzXZTbC_S8D4mfoaAzP3M2YGv_9yI9jxgjZxeZCdcc5tzbQwUnoQ",
  "payload": ""
}
2021-06-30 11:30:13,346:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/14415429834 HTTP/1.1" 200 384
2021-06-30 11:30:13,347:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 30 Jun 2021 09:30:13 GMT
Content-Type: application/json
Content-Length: 384
Connection: keep-alive
Boulder-Requester: 89378066
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0003FTIV_f8R7xUgw_24R2iAloodLLNExzXE2xNQuDRLc9c
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "belgavox.nl"
  },
  "status": "pending",
  "expires": "2021-07-07T08:41:07Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/14415429834/xi9rlg",
      "token": "qXf5PC4NLSiQpqqYBg3RT3DQGjXH-C9kPUnJoJ6aEmM"
    }
  ],
  "wildcard": true
}
2021-06-30 11:30:13,347:DEBUG:acme.client:Storing nonce: 0003FTIV_f8R7xUgw_24R2iAloodLLNExzXE2xNQuDRLc9c
2021-06-30 11:30:13,348:DEBUG:acme.client:JWS payload:
b''
2021-06-30 11:30:13,350:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/14415429838:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvODkzNzgwNjYiLCAibm9uY2UiOiAiMDAwM0ZUSVZfZjhSN3hVZ3dfMjRSMmlBbG9vZExMTkV4elhFMnhOUXVEUkxjOWMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzE0NDE1NDI5ODM4In0",
  "signature": "h2UGxKeUXJZ-5t7XVS0695DcLcP9pP6ivVQmq6qKPSj1jchOJ3JFORvbHCXA05XT-D4Z1QBBwvVkBbD0-vkbURLpZAOOkyR6UQO1ndihCQKnTl6tdi-YCE99Yh8eijmyORSkhXQEj1kwb7lqkPFSBZg98DgW7_QDAskd2ME1CSTBHBrTo_GralIw_TzUGfBQeV8eQk1RdVSJmeuQZb9oTISxjlvmaCCHIVVMwiJgVJM4fB_CV5Xpr3iDBI0w2SUEnqilPdGWponHQy4xTDoKKFUOroND4SfRoCgjXLtODNpzxkIL51dT_7p6uoZ746WjNeUJhzDZf37VxK-zljRA8Q",
  "payload": ""
}
2021-06-30 11:30:13,524:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/14415429838 HTTP/1.1" 200 792
2021-06-30 11:30:13,525:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 30 Jun 2021 09:30:13 GMT
Content-Type: application/json
Content-Length: 792
Connection: keep-alive
Boulder-Requester: 89378066
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0003CcuVWdkBf7gsWRvhGnniHt7YCGCUzKob2W8D3wWOWDQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "belgavox.nl"
  },
  "status": "pending",
  "expires": "2021-07-07T08:41:07Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/14415429838/6kaq8g",
      "token": "Gf0dR4hYuwj-avd5SZR275uZNzTwctUp5lUHASvb9JM"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/14415429838/0NzRPA",
      "token": "Gf0dR4hYuwj-avd5SZR275uZNzTwctUp5lUHASvb9JM"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/14415429838/yXDNDg",
      "token": "Gf0dR4hYuwj-avd5SZR275uZNzTwctUp5lUHASvb9JM"
    }
  ]
}
2021-06-30 11:30:13,525:DEBUG:acme.client:Storing nonce: 0003CcuVWdkBf7gsWRvhGnniHt7YCGCUzKob2W8D3wWOWDQ
2021-06-30 11:30:13,526:INFO:certbot._internal.auth_handler:Performing the following challenges:
2021-06-30 11:30:13,526:CRITICAL:certbot._internal.auth_handler:Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
2021-06-30 11:30:13,527:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/1201/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/main.py", line 1552, in main
    return config.func(config, plugins)
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/main.py", line 1414, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/main.py", line 128, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/client.py", line 445, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/client.py", line 375, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/client.py", line 425, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 65, in handle_authorizations
    achalls = self._choose_challenges(authzrs)
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 205, in _choose_challenges
    path = gen_challenge_path(
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 343, in gen_challenge_path
    return _find_smart_path(challbs, preferences, combinations)
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 379, in _find_smart_path
    _report_no_chall_path(challbs)
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 418, in _report_no_chall_path
    raise errors.AuthorizationError(msg)
certbot.errors.AuthorizationError: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
2021-06-30 11:30:13,529:ERROR:certbot._internal.log:Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.

If you want to obtain a wildcard certificate, you need to use the DNS challenge, where Certbot interacts with your DNS host (Snel) to add some TXT records to your DNS zone, in order to prove your control of the domain.

You can't do this by using --nginx; it only supports the HTTP challenge.

The simplest thing would be to avoid wildcard certificates in the first place. If you can instead ask for a certificate with each of the domain names you need, then using --nginx will work.

If you really need a wildcard certificate, there are a number of options available. The easiest thing to do is to host your domain's DNS with a provider that is supported by an ACME client like Certbot, acme.sh, lego etc. The remaining options are a fair bit more complicated.
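
The rule in the reply above, checked against the two authorization objects from the debug log, as an added example (not Certbot's own code and not part of the original posts). The authenticator table is an assumption: `nginx` mapping to `http-01` follows the reply, and `dns` is a placeholder label for any DNS authenticator plugin.

```python
import json

# Challenge types each authenticator can answer (assumed table, see lead-in).
AUTHENTICATOR_CHALLENGES = {
    "nginx": {"http-01"},
    "dns": {"dns-01"},
}

# The two authorization objects from the debug log on this page, trimmed to the
# fields that matter here (URLs, tokens and expiry omitted).
AUTHZ_FROM_LOG = json.loads("""
[
  {"identifier": {"type": "dns", "value": "belgavox.nl"},
   "status": "pending",
   "challenges": [{"type": "dns-01"}],
   "wildcard": true},
  {"identifier": {"type": "dns", "value": "belgavox.nl"},
   "status": "pending",
   "challenges": [{"type": "http-01"}, {"type": "dns-01"},
                  {"type": "tls-alpn-01"}]}
]
""")


def requested_name(authz):
    """Name the authorization covers; the CA reports a wildcard as the base
    name plus "wildcard": true, as in the first object above."""
    name = authz["identifier"]["value"]
    return "*." + name if authz.get("wildcard") else name


def plan_challenges(authzs, authenticator):
    """Return (plan, unsatisfiable): the challenge type usable for each name,
    and the names where the authenticator supports none of the offered types."""
    supported = AUTHENTICATOR_CHALLENGES[authenticator]
    plan, unsatisfiable = {}, []
    for authz in authzs:
        if authz.get("status") == "valid":
            continue  # already authorized, nothing left to perform
        offered = [c["type"] for c in authz["challenges"]]
        usable = [t for t in offered if t in supported]
        if usable:
            plan[requested_name(authz)] = usable[0]
        else:
            unsatisfiable.append(requested_name(authz))
    return plan, unsatisfiable


if __name__ == "__main__":
    for auth in ("nginx", "dns"):
        plan, missing = plan_challenges(AUTHZ_FROM_LOG, auth)
        print(f"{auth}: plan={plan} unsatisfiable={missing}")
```

With `nginx`, the wildcard name comes back as unsatisfiable because its authorization offers only `dns-01`, which matches the error in the log; an authenticator that answers `dns-01` covers both names.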
