Let’s Encrypt Error: “Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.”

Last updated on
Renewing an existing certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Attempting to renew cert (example.com) from /etc/letsencrypt/renewal/example.com.conf produced an unexpected error: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/example.com/fullchain.pem (failure)

On Jan 9th 2018 Let’s Encrypt got a report that one of their three validation methods, TLS-SNI-01, could be used to get certificates for domains you don’t own. As a result, Let’s Encrypt permanently disabled the TLS-SNI-01 challenge.

The above issue can be resolved by updating to the latest version of Certbot and renewing certs again.

Alternatively, these hooks below will cause Certbot to automatically stop your server to obtain certificates and then start it again. This should only be a temporary measure until you update Certbot because when it comes to renewing your cert again in 90 days, Certbot may fail.

Note for Cloudflare users: You must temporarily Pause your website in the control panel, otherwise Cloudflare may interfere with the renewal.

Apache

For Apache, run this command. Make sure to replace example.com with your own domain.

sudo certbot --authenticator standalone --installer apache -d example.com -d www.example.com --pre-hook "systemctl stop apache2" --post-hook "systemctl start apache2"

Nginx

For Nginx, run this command. Make sure to replace example.com with your own domain.

sudo certbot --authenticator standalone --installer nginx -d example.com -d www.example.com --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"

Let me know in the comments if this helped. Follow me @DevAnswers or read more.

1 Star2 Stars3 Stars4 Stars5 Stars 4.77 (13 votes)

Feedback

Your email address will not be published. Required fields are marked *

We use Markdown to style comments, like on Github and Reddit.
To do a line break, type two spaces after the sentence.
You can add inline code by wrapping it in backticks: `code here`

    To do an entire block of code  
    type four spaces before the line
    and it will appear in a block like this.
    <-- four empty spaces

5 replies