1. 技术文章
  2. Let's encrypt error certificate install error - “Client with the currently selected authenticator does not support any combination of challenges”

Let's encrypt error certificate install error - “Client with the currently selected authenticator does not support any combination of challenges”

廉价感情. 提交于 2019-12-20 08:48:50

问题


I got this error while renewing let's encrypt certificate:

"Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA"

How can I fix this?

The command I running is like this:

./letsencrypt-auto --apache --renew-by-default -d <domain name>

回答1:


It is because Let’s Encrypt has currently disabled the TLS-SNI-01 challenge due to an identified security issue.

The official has provided an workaroud at the Let's Encrypt community website as following:

If you’re serving files for that domain out of a directory on that server, you can run the following command:

sudo certbot --authenticator webroot --webroot-path <path to served directory> --installer nginx -d <domain>

If you’re not serving files out of a directory on the server, you can temporarily stop your server while you obtain the certificate and restart it after Certbot has obtained the certificate. This would look like:

sudo certbot --authenticator standalone --installer nginx -d <domain> --pre-hook "service nginx stop" --post-hook "service nginx start"

2018-01-19 update

Let’s Encrypt just released Certbot 0.21.0, which use HTTP-01 challenge type instead of the compromised TLS-SNI-01 by default for apache httpd and nginx. Update your certbot to get rid of this issue.




回答2:


This is what worked for me:

certbot --authenticator standalone --installer apache -d <domain> \
--pre-hook "systemctl stop apache2" \
--post-hook "systemctl start apache2"



回答3:


Run (as root or with sudo)

apache2ctl stop
letsencrypt --authenticator standalone --installer apache -d your.domain

Choose "easy" (you can tidy up later if you want https only)

The letsencrypt agent should restart apache for you.




回答4:


Since I'm using apache, I used this format,

sudo ./certbot-auto --authenticator webroot --webroot-path <path-to-webroot> --installer apache -d <your-domain>

e.g.

sudo ./certbot-auto --authenticator webroot --webroot-path /var/www/html --installer apache -d mydomain.com




回答5:


run the command and change match inside the tags <>

sudo certbot --authenticator webroot --webroot-path <path to served directory> --installer apache -d <domain>



回答6:


This works for ubuntu with nginx

sudo apt-get install --only-upgrade certbot
certbot renew


来源:https://stackoverflow.com/questions/48187964/lets-encrypt-error-certificate-install-error-client-with-the-currently-selec

标签
Ubuntu
ssl
lets-encrypt
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!