Unable to renew certficate

Help
1

My domain is:
inschrijven.hoba.be

I ran this command:
certbot renew --force-renewal --cert-name inschrijven.hoba.be --deploy-hook "systemctl reload apache2
Server version: Apache/2.4.18 (Ubuntu)

It produced this output:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Attempting to renew cert (inschrijven.hoba.be) from /etc/letsencrypt/renewal/inschrijven.hoba.be.conf produced an unexpected error: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA… Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/inschrijven.hoba.be/fullchain.pem (failure)

My web server is (include version):
apache2

The operating system my web server runs on is (include version):
Ubuntu 18.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
yes, ssh connection

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

certbot 0.19.0

2

Hi @mudev

your certbot is too old. First step: Update your certbot.

Checking your domain - https://check-your-website.server-daten.de/?q=inschrijven.hoba.be#ct-logs

Your last certificate is from 2019-01-22.

Issuer not before not after Domain names LE-Duplicate next LE
Let's Encrypt Authority X3 2019-01-22 2019-04-22 inschrijven.hoba.be
1 entries
Let's Encrypt Authority X3 2018-11-23 2019-02-21 inschrijven.hoba.be
1 entries
Let's Encrypt Authority X3 2018-09-24 2018-12-23 inschrijven.hoba.be
1 entries
Let's Encrypt Authority X3 2018-07-26 2018-10-24 inschrijven.hoba.be
1 entries
Let's Encrypt Authority X3 2018-05-27 2018-08-25 inschrijven.hoba.be
1 entries
Let's Encrypt Authority X3 2018-03-28 2018-06-26 inschrijven.hoba.be
1 entries
Let's Encrypt Authority X3 2018-01-26 2018-04-26 inschrijven.hoba.be
1 entries
Let's Encrypt Authority X3 2017-11-27 2018-02-25 inschrijven.hoba.be
1 entries

Looks like you have used tls-sni-01 validation, that's deprecated. Support ended ~~ 2019-03-15.

So you have to switch to another validation method.

If you can't update your certbot, perhaps switch to certbot-auto.

Then try

certbot renew --cert-name inschrijven.hoba.be -d inschrijven.hoba.be
3

Dear,

Thank you for the quick response @JuergenAuer.

I bumped my lets encrypt version to certbot 0.31.0 and ran the following command:

certbot renew --cert-name inschrijven.hoba.be -d inschrijven.hoba.be

output:

Currently, the renew verb is capable of either renewing all installed certificates that are due to be renewed or renewing a single certificate specified by its name. If you would like to renew specific certificates by their domains, use the certonly command instead. The renew verb may provide other options for selecting certificates to renew in the future.

What would the command look like if I have to use use certonly ?

Best regards,
Axel Ardu

4

I was able to fix it :innocent:

Looks like I didn’t have any vhost mapped to port 80 so I couldn’t create the certificate.

Once the vhost was created I ran the following command:

certbot certonly --cert-name inschrijven.hoba.be

and afterwards restarted the server.

Thanks for the help!

1 Like
5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.