Tag Archives: letsencrypt

Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.

So, I was trying to create an SSL certificate with certbot…

root@sd-5555:~# certbot --apache -d blog.domain.com

This is what I did to create it properly.

certbot --authenticator standalone --installer apache -d blog.domain.com --pre-hook "systemctl stop apache2" --post-hook "systemctl start apache2"

letsencrypt – Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.

letsencrypt topic about this issue: https://community.letsencrypt.org/t/solution-client-with-the-currently-selected-authenticator-does-not-support-any-combination-of-challenges-that-will-satisfy-the-ca/49983/2


This is due to a security incident with LetsEncrypt

Incident Status: Security Issue
Components: acme-v01.api.letsencrypt.org (Production), acme-staging.api.letsencrypt.org (Staging), acme-staging-v02.api.letsencrypt.org (Staging)
Locations: High Assurance Datacenter 1, High Assurance Datacenter 2

/.well-known/acme-challenge/ – 404

 

1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
 - The following errors were reported by the server:

Domain: subdomain.domain.com
 Type: unauthorized
 Detail: Invalid response from
 http://subdomain.domain.com/.well-known/acme-challenge/XXXXXXX_XXXXXXXX:
 "<!DOCTYPE html>
 <html lang="en">
 <head>
 <title>404 Page Not Found</title>
 <style type="text/css">

::selection{ background-color"

To fix these errors, please make sure that your domain name was
 entered correctly and the DNS A record(s) for that domain
 contain(s) the right IP address.

Try adding the following inside the server{} block of your nginx configuration for the domain:

location /.well-known/acme-challenge/ {
    try_files $uri /dev/null =404;
}

And restart nginx… 🙂

letsencrypt renew – 404 – Detail: Invalid response

So!,

letsencrypt renew output

Domain: www.domain.com
Type: unauthorized
Detail: Invalid response from
 http://www.domain.com/.well-known/acme-challenge/WLpdvugG3YzC53RTrZMJcYWsRqcj64vWLw43HNBkMN6:

nginx error log

66.133.XXX.XXX - - [11/Feb/2017:09:33:20 +0100] "GET /.well-known/acme-challenge/WLpdvugG3YzC53RTrZMJcYWsRqcj64vWLw43HNBkMN6 HTTP/1.1" 404 247 "http://www.domain.com/.well-known/acme-challenge/WLpdvugG3YzC53RTrZMJcYWsRqcj64vWLw43HNBkMN6" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"

“Somehow” my domain root has changed.
I had to take a look at /etc/letsencrypt/renewal/domain.com.conf and fix some paths… 🙂
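
The check behind that fix, as an added example (not code from the original post): it reads the [[webroot_map]] section of a certbot renewal file and lists the domains whose configured webroot directory no longer exists. It assumes the webroot authenticator is in use; the sample file content and the function names are constructed for illustration.

```python
import os
import tempfile


def webroot_map(conf_text):
    """Return {domain: webroot} from the [[webroot_map]] subsection of a renewal conf."""
    mapping, in_map = {}, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            # Section header: only [[webroot_map]] is of interest here.
            in_map = line == "[[webroot_map]]"
            continue
        if in_map and "=" in line:
            domain, path = (part.strip() for part in line.split("=", 1))
            mapping[domain] = path.strip("\"'")
    return mapping


def stale_webroots(conf_text):
    """Return the domains whose configured webroot is not an existing directory."""
    return sorted(d for d, p in webroot_map(conf_text).items() if not os.path.isdir(p))


def demo():
    # Constructed sample: one webroot that exists, one that was moved away.
    with tempfile.TemporaryDirectory() as live_root:
        sample = (
            "# constructed sample, not a real renewal file\n"
            "cert = /etc/letsencrypt/live/domain.com/cert.pem\n"
            "[renewalparams]\n"
            "authenticator = webroot\n"
            "[[webroot_map]]\n"
            f"domain.com = {live_root}\n"
            "www.domain.com = /nonexistent/old/docroot\n"
        )
        return stale_webroots(sample)


if __name__ == "__main__":
    print(demo())
```

To run it against a real file, pass the text of /etc/letsencrypt/renewal/domain.com.conf to stale_webroots(); any domain it returns will fail the /.well-known/acme-challenge/ request with a 404 until the path is corrected.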