DigitalOcean

Report this

What is the reason for this report?
Question

How can I renew my Let's Encrypt Certificate?

Posted on December 2, 2019
Let's Encrypt
estanis

By estanis

Hi there, I’m trying to renew my Let’s Encrypt certificate but the server returns this: “Client with the currently selected authenticator does not Support any combination of challenges that will Satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS”.

I tried three different commands that I found at digitalocean community:

  1. sudo certbot --apache -d xplendid.place -d *.xplendid.place
  2. sudo certbot certonly --standalone --preferred-challenges http -d xplendid.place -d *.xplendid.place
  3. sudo certbot certonly --standalone --preferred-challenges tls-sni -d xplendid.place -d *.xplendid.place

Server System: Linux Xplendid 4.15.0-62-generic #69-ubuntu SMP Wed Sep 4 20:55:53 UTC 2019 x86 64 x86_64 GNU/Linux Distributor ID: Ubuntu Description: Ubuntu 18.04.3 LTS Release: 18.04 Codename: bionic

I’m a new user and I’m not an experient one. Could you help me sending instructions on how to fix this issue?

Thank you in advance.

Estanislao



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
Bobby
Bobby
December 3, 2019

Hello,

In order to renew a wildcard certificate, you need to use the following command:

certbot certonly --manual --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory -d "*.example.com" -d example.com

After that you would be asked to add a TXT DNS record for your domain name. This is how your domain name would be verified.

Once you add your TXT record just press Enter and your certificate should get renewed.

Hope that this helps! Regards, Bobby

0
estanis
estanis
December 3, 2019

Hi, bobbyiliev, Thanks for your help. I used the command you sent in your answer and the certificate was generated without problems after I deployed the DNS TXT I received a message informing me that the certificate and chain has been saved. But the browser still informing that the website is not secure. How can I fix this? What else do I have to do to fix this issue? Regards, Estanislao

0
estanis
estanis
December 3, 2019

Hi, bobbyiliev, It works! I restarted the apache and now the website is working properly.

Thank you very much!

Regards, Estanislao

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2025 DigitalOcean, LLC.Sitemap.