Wildcard request: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA


#1

Can you speak clear text please?
What is HTTP-01? I’ve been a webdev for 16 years and never heard about HTTP-01.
What am I supposed to do when I receive "Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS."
when doing

certbot certonly --server https://acme-v02.api.letsencrypt.org/directory -d *.power-forums.com -w /var/www/acme/

Solution: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA
#2

The method by which your server proves control to the CA that it controls power-forums.com. Previously Certbot used a different method, TLS-SNI-01, which was later disabled, so now you are left with either HTTP-01 or DNS-01.

As written in the post, update your Certbot to a newer version, and it should automatically deal with renewal.

That’s not going to work, because wildcards are only available by DNS-01 (which requires automatically or manually adding TXT records to your domain’s DNS).

Are you sure you need a wildcard? Based on your previous certificates, it wouldn’t seem that way.

If you only need [power-forums.com www.power-forums.com], perhaps you can try:

certbot certonly --preferred-challenges http -d www.power-forums.com -d power-forums.com -w /var/www/acme/

#3

HTTP-01 is a specific challenge type in the ACME specification. It involves placing a challenge file at a specific location for validation. This is one of two currently-available methods for proving ownership of a domain, with the other being DNS-01 involving the creation of a specific DNS TXT record. In order to issue a wildcard certificate, you must use DNS-01 to accomplish this, but the command you used works with the HTTP-01 challenge type. See the Certbot documentation for alternatives.


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.