Unsatisfying challenges for certificates renewal?

My domain is :
hijackedbrain.com

I / crontab ran this command :
/usr/bin/certbot renew
and after it failed, I tried to update certificates manually
letsencrypt --apache -d hijackedbrain.com -d git.hijackedbrain.com -d safe.hijackedbrain.com -d wip.hijackedbrain.com -d horde.hijackedbrain.com certonly

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/hijackedbrain.com.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Attempting to renew cert from /etc/letsencrypt/renewal/hijackedbrain.com.conf produced an unexpected error: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.. Skipping.

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/hijackedbrain.com-0001.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Attempting to renew cert from /etc/letsencrypt/renewal/hijackedbrain.com-0001.conf produced an unexpected error: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.. Skipping.

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/hijackedbrain.com/fullchain.pem (failure)
  /etc/letsencrypt/live/hijackedbrain.com-0001/fullchain.pem (failure)
2 renew failure(s), 0 parse failure(s)

My web server is (include version): Apache 2 (2.4.25-3+deb9u7)

The operating system my web server runs on is (include version) : Debian 9.9

My hosting provider, if applicable, is : online.net

I can login to a root shell on my machine : yes

I’m using a control panel to manage my site : no, plain ssh

The version of my client is : certbot 0.10.2

Oh my.. That version is like, older than the invention of electricity! Try upgrading your certbot to 0.28 or higher and try again.

Will do and report about it later that day. Thanks. Also I admit I assumed that certbot would be able to upgrade itself when asking for certs.

Most likely you've used your Debian package manager to install certbot. It would be the responsibility of that package manager to update certbot.

That’s what I thought, but I apt-get update & upgrade the machine as soon as I saw something was wrong… And I installed certbot years ago, so I assume I got a standalone version somehow.

Hi @Aryetis

you can switch to certbot-auto if you use http-01 validation.

Certbot-auto has a self-updating.

That would be the case if you were using certcot-auto, but not a packaged installation of certbot.

Apt-get was holding hostages everything certbot related for some reasons. I reinstalled it and I’m now up to certbot 0.28.0 using http-01.

Thank you guys.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.