Wildcard Certificate error

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: aadrila.com

I ran this command: sudo ./certbot-auto --authenticator standalone --installer apache --debug -v --server https://acme-v02.api.letsencrypt.org/directory certonly -d *.aadrila.com

It produced this output: Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
Exiting abnormally:
Traceback (most recent call last):
File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 11, in
sys.exit(main())
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 1379, in main
return config.func(config, plugins)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 1262, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 120, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py", line 406, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py", line 349, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py", line 385, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 61, in handle_authorizations
achalls = self._choose_challenges(authzrs)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 181, in _choose_challenges
combinations)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 297, in gen_challenge_path
return _find_smart_path(challbs, preferences, combinations)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 333, in _find_smart_path
_report_no_chall_path(challbs)
File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 372, in _report_no_chall_path
raise errors.AuthorizationError(msg)
AuthorizationError: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
Please see the logfiles in /var/log/letsencrypt for more details.

My web server is (include version): Apache2.0

The operating system my web server runs on is (include version): Linux

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): Certbot

This part of the error message explains what is happening.

With Certbot, you would need to use the certbot-dns-route53 plugin to generate your wildcard certificate.

However, it is not available when using certbot-auto. So your options are to install Certbot and the DNS plugin from your operating system's repositories (if available), or choose another ACME client, like acme.sh, which can also issue wildcards using Route53.

Since you are using Amazon AMI, I don't think that the Certbot Route53 plugin is available for your OS.

Then what could be a solution if I am using Amazon Linux AMI?

You can try acme.sh. As I mentioned, it also supports wildcards using Route53: https://github.com/Neilpang/acme.sh/wiki/dnsapi#10-use-amazon-route53-domain-api
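The error discussed in this thread comes down to challenge types: the CA offers only dns-01 for a wildcard name, and the standalone authenticator cannot perform it. The sketch below is an added example, not part of the thread and not Certbot's or acme.sh's own code; it models that mismatch and computes the TXT record a DNS plugin has to publish (RFC 8555 section 8.4). The authenticator-to-challenge mapping is a simplified assumption, and the token and account key are constructed sample values.

```python
import base64
import hashlib
import json

# Challenge types per authenticator: a simplified, assumed mapping for illustration.
AUTHENTICATOR_CHALLENGES = {"standalone": {"http-01"}, "dns-route53": {"dns-01"}}


def offered_challenges(domain):
    """Challenge types the CA offers: wildcard names get dns-01 only."""
    if domain.startswith("*."):
        return {"dns-01"}
    return {"http-01", "dns-01", "tls-alpn-01"}


def unsatisfiable(domains, authenticator):
    """Names for which the authenticator supports none of the offered challenges."""
    supported = AUTHENTICATOR_CHALLENGES[authenticator]
    return [d for d in domains if not (offered_challenges(d) & supported)]


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk):
    """RFC 7638 thumbprint: SHA-256 over the required members, sorted, no whitespace."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required}, sort_keys=True, separators=(",", ":"))
    return _b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def dns01_record(domain, token, account_jwk):
    """TXT record (name, value) that proves control of the zone for a dns-01 challenge."""
    base = domain[2:] if domain.startswith("*.") else domain
    key_authorization = token + "." + jwk_thumbprint(account_jwk)
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return "_acme-challenge." + base, _b64url(digest)


if __name__ == "__main__":
    # Constructed sample values: not a real account key or CA token.
    jwk = {"kty": "EC", "crv": "P-256", "x": "c2FtcGxlLXg", "y": "c2FtcGxlLXk"}
    for auth in ("standalone", "dns-route53"):
        print(auth, "cannot validate:", unsatisfiable(["*.aadrila.com"], auth))
    print(dns01_record("*.aadrila.com", "constructed-token", jwk))
```

The record name is the same for `aadrila.com` and `*.aadrila.com`, which is why wildcard issuance requires write access to the DNS zone rather than to the web server.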
