Cách renew Let’s Encrypt (Certbot) khi gặp lỗi “Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.”



Trần Thanh Luân / 11-06-2019

Với trường hợp sử dụng certbot trên Linux để tạo let’s Encrypt.

Khi certificate hết hạn. Chạy lệnh sau để renew:

sudo certbot renew

Nếu chạy lệnh trên sinh ra lỗi sau:

Renewing an existing certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Attempting to renew cert (example.com) from /etc/letsencrypt/renewal/example.com.conf produced an unexpected error: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/example.com/fullchain.pem (failure)

Hãy chạy lệnh sau để renew một certificate:

1. Với Apache:
sudo certbot --authenticator standalone --installer apache -d example.com -d www.example.com --pre-hook "systemctl stop apache2" --post-hook "systemctl start apache2"
2. Với Nginx:
sudo certbot --authenticator standalone --installer nginx -d example.com -d www.example.com --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"

Trang tham khảo cách tạo certificate:
– Cerbot linux: https://certbot.eff.org/docs/using.html#apache
– win-acme window: https://github.com/PKISharp/win-acme/wiki/Command-Line-Arguments


to-top