LetsEncrypt SSL – All renewal attempts failed.

If you’re getting the following error it means that your certbot script is outdated.

certbot[32330]: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.

First check which version you are running, you need 0.28 or later.

# certbot --version

In my case i had python-certbot 0.10.2-1 but a package named certbot 0.28.0-1~deb9u2 was available for upgrade. Why this hasn’t been upgraded automatically confuses me but luckily it can be done by hand:

# apt install certbot

If the installation was successful you can give it a test run.

# certbot renew --dry-run

Notice that this might stop and start apache several times so make sure to run this out of production time!