Unable to set ssl

It is not working:
usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
certificate. 
certbot: error: ambiguous option: --d could match --dns-google, --dns-sakuracloud, --domain, --dns-nsone, --debug, --disable-hook-validation, --domains, --dns-linode, --dialog, --deploy-hook, --debug-challenges, --dns-dnsimple, --dns-dnsmadeeasy, --delete-after-revoke, --dns-luadns, --dns-ovh, --dns-route53, --dns-rfc2136, --dns-cloudxns, --duplicate, --dry-run, --dns-cloudflare, --dns-digitalocean, --disable-renew-updates, --dns-gehirn

Unfortunately, I can't update it :frowning:

What I mean is that, now they use snapd to update, but I can't install snapd on my server :frowning:

2 Likes

I removed the extra dash in my post. Check again. It's supposed to be -d, not --d.

2 Likes
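Why `--d` fails while `-d` works, as an added example that is not part of the original posts. The error above has the form Python's `argparse` produces when a long-option prefix fits several options. The parser below is a constructed stand-in with a few option names taken from that error message, not Certbot's own parser.

```python
import argparse


class RaisingParser(argparse.ArgumentParser):
    """ArgumentParser that raises instead of exiting, so results can be inspected."""

    def error(self, message):
        raise ValueError(message)


def build_parser(allow_abbrev=True):
    # Constructed stand-in: a few option names taken from the error message above.
    p = RaisingParser(prog="demo", allow_abbrev=allow_abbrev, add_help=False)
    p.add_argument("-d", "--domain", "--domains", dest="domains", action="append")
    p.add_argument("--debug", action="store_true")
    p.add_argument("--dry-run", action="store_true")
    p.add_argument("--deploy-hook")
    return p


def try_parse(argv, allow_abbrev=True):
    """Return ("ok", parsed options) or ("error", argparse's message)."""
    try:
        return "ok", vars(build_parser(allow_abbrev).parse_args(argv))
    except ValueError as exc:
        return "error", str(exc)


if __name__ == "__main__":
    # "--d" is a prefix of every long option starting with "d": rejected as ambiguous.
    print(try_parse(["--d", "example.org"]))
    # "-d" is an exact short option, so no prefix matching happens.
    print(try_parse(["-d", "example.org", "-d", "www.example.org"]))
    # A unique prefix is silently expanded ("--dry" becomes --dry-run) ...
    print(try_parse(["--dry"]))
    # ... unless abbreviations are switched off.
    print(try_parse(["--dry"], allow_abbrev=False))
```

In scripts that wrap a command-line tool, writing long options out in full avoids depending on this prefix expansion.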

I get this error:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
You are updating certificate oceanwars.fr to include new domain(s):
+ www.oceanwars.fr

You are also removing previously included domain(s):
(None)

Did you intend to make this change?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(U)pdate cert/(C)ancel: U
Renewing an existing certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.

2 Likes

Please show your current renewal configuration file. You're experiencing the known issue I was mentioning to Osiris.

2 Likes

Here it is:

# renew_before_expiry = 30 days
version = 0.28.0
archive_dir = /etc/letsencrypt/archive/oceanwars.fr
cert = /etc/letsencrypt/live/oceanwars.fr/cert.pem
privkey = /etc/letsencrypt/live/oceanwars.fr/privkey.pem
chain = /etc/letsencrypt/live/oceanwars.fr/chain.pem
fullchain = /etc/letsencrypt/live/oceanwars.fr/fullchain.pem

# Options used in the renewal process
[renewalparams]
installer = apache
manual_public_ip_logging_ok = True
authenticator = apache
server = https://acme-v02.api.letsencrypt.org/directory
account = somehash

Since I can't update certbot, should I use something else instead?

1 Like

Let's try something. What's the DocumentRoot in your Apache vHost for your domain?

2 Likes

Which one? I have 2: one for port 80 and the other one for port 443, for the same domain.

1 Like

They should be the same

1 Like

001-oceanwars.fr.conf (port 80):
<Virtualhost *:80>
ServerName oceanwars.fr
DocumentRoot /var/www/html
RewriteEngine on
RewriteCond %{SERVER_NAME} =oceanwars.fr
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</Virtualhost>

002-oceanwars.fr.conf:
<Virtualhost *:443>
ServerName oceanwars.fr
DocumentRoot /var/www/html

	SSLEngine on
	Include /etc/letsencrypt/options-ssl-apache.conf
	SSLCertificateFile /etc/letsencrypt/live/oceanwars.fr/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/oceanwars.fr/privkey.pem
</Virtualhost>

2 Likes

Try this:

sudo certbot certonly --cert-name oceanwars.fr --webroot -w /var/www/html -d "oceanwars.fr,www.oceanwars.fr" --keep --deploy-hook "apachectl -k graceful"

1 Like

I still got the same error:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None


You are updating certificate oceanwars.fr to include new domain(s):

You are also removing previously included domain(s):
(None)

Did you intend to make this change?


(U)pdate cert/(C)ancel: U
Renewing an existing certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.

2 Likes

I am trying to see with my hoster if there is any way that I can get an updated version of certbot.

1 Like

Hmm...

even with the webroot...

maybe...

sudo certbot certonly --cert-name oceanwars.fr --webroot -w /var/www/html --preferred-challenges http-01 -d "oceanwars.fr,www.oceanwars.fr" --keep --deploy-hook "apachectl -k graceful"

2 Likes

Still the same error:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS

2 Likes

Ok the solution according to the post:

"You need to update your certbot"

I don't think there is much we can do without the updated version of certbot :frowning:

2 Likes

Are you certain that 0.28.0 is the most recent version available to you? Even a little update would fix this. Look here at Debian:

1 Like

Unfortunately no, maybe you know a manual installation of certbot somewhere?

Because I can't use the package manager:
root@712:~# sudo apt install certbot
Reading package lists... Done
Building dependency tree
Reading state information... Done
certbot is already the newest version (0.28.0-1~deb9u3).
The following packages were automatically installed and are no longer required:
apparmor libapparmor-perl liblzo2-2 snap-confine squashfs-tools ubuntu-core-launcher
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

And I can't install snapd on my host

1 Like

I'm going to call for reinforcements. Maybe they will know a way around this. They might not respond for a couple days.

@certbot-devs

Please review the last 15 posts or so. I think the situation will be obvious. Is there ANY workaround?

2 Likes

Thank you very much for your time, I hope you have a great day :slight_smile:

3 Likes

You're quite welcome. :blush: I just wish we had an easier road. Hopefully the certbot developers will know a way.

2 Likes