Apache Security

LetsEncrypt SSL – All renewal attempts failed.

If you’re getting the following error it means that your certbot script is outdated.

certbot[32330]: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.

First check which version you are running, you need 0.28 or later.

# certbot --version

In my case i had python-certbot 0.10.2-1 but a package named certbot 0.28.0-1~deb9u2 was available for upgrade. Why this hasn’t been upgraded automatically confuses me but luckily it can be done by hand:

# apt install certbot

If the installation was successful you can give it a test run.

# certbot renew --dry-run

Notice that this might stop and start apache several times so make sure to run this out of production time!

By Nimpen J. Nordström

System Developer and Network Security Enthusiast