Question

How can I renew my Let's Encrypt Certificate?

Hi there, I’m trying to renew my Let’s Encrypt certificate but the server returns this: “Client with the currently selected authenticator does not Support any combination of challenges that will Satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS”.

I tried three different commands that I found at digitalocean community:

  1. sudo certbot --apache -d xplendid.place -d *.xplendid.place
  2. sudo certbot certonly --standalone --preferred-challenges http -d xplendid.place -d *.xplendid.place
  3. sudo certbot certonly --standalone --preferred-challenges tls-sni -d xplendid.place -d *.xplendid.place

Server System: Linux Xplendid 4.15.0-62-generic #69-ubuntu SMP Wed Sep 4 20:55:53 UTC 2019 x86 64 x86_64 GNU/Linux Distributor ID: Ubuntu Description: Ubuntu 18.04.3 LTS Release: 18.04 Codename: bionic

I’m a new user and I’m not an experient one. Could you help me sending instructions on how to fix this issue?

Thank you in advance.

Estanislao


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Hi, bobbyiliev, It works! I restarted the apache and now the website is working properly.

Thank you very much!

Regards, Estanislao

Hi, bobbyiliev, Thanks for your help. I used the command you sent in your answer and the certificate was generated without problems after I deployed the DNS TXT I received a message informing me that the certificate and chain has been saved. But the browser still informing that the website is not secure. How can I fix this? What else do I have to do to fix this issue? Regards, Estanislao

Hello,

In order to renew a wildcard certificate, you need to use the following command:

certbot certonly --manual --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory -d "*.example.com" -d example.com

After that you would be asked to add a TXT DNS record for your domain name. This is how your domain name would be verified.

Once you add your TXT record just press Enter and your certificate should get renewed.

Hope that this helps! Regards, Bobby