Unable to obtain certificate over http-01


#1

Hi,

I am trying to issue a certificate over http-01 with the following command:

certbot certonly --webroot -w /var/www/letsencrypt/ -d fsnet.eu -d *.fsnet.eu --preferred-challenges http

Output:

Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 chanllenge for fsnet.eu
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.

certbot version: 0.28.0

Can someone help me?


#2

You can’t use HTTP-01 validation for wildcards.

You have to either switch to DNS-01 validation, or get a certificate with individual subdomains and no wildcard.

What OS are you using?

Does your DNS provider support making automated changes?


#3

Thank you for your fast reply! My DNS provider supports a DNS API so in general there is a possibility to update DNS records. But my setup is slightly different than usual (multiple servers involved) so I think it will be better to use http-01. I will try without using wildcard certificates :slight_smile:

Edit: Requesting a certificate with individual subdomains solved the issue. Thanks again for your help!


closed #4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.