Closed
Description
Problem/Motivation
The certs didn't get renewed after expiration.
Expected behavior
It should be renewed automatically.
Actual behavior
I use cloudflare with dns challange. (Wildcard certs)
Cloudflare DNS proxy is disabled.
The renewal doesn't work however I can get a new certificate with the same credentials. But when it expires, it will again fail to renew and I will have to manually get the certificate again.
I am getting below error in data/logs/letsencrypt/letsencrypt.log
2021-08-17 21:03:55,029:CRITICAL:certbot._internal.auth_handler:Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
2021-08-17 21:03:55,029:ERROR:certbot._internal.renewal:Failed to renew certificate npm-2 with error: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
2021-08-17 21:03:55,036:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
File "/usr/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 471, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/usr/lib/python3.8/site-packages/certbot/_internal/main.py", line 1235, in renew_cert
renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
File "/usr/lib/python3.8/site-packages/certbot/_internal/main.py", line 124, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/usr/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 331, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
File "/usr/lib/python3.8/site-packages/certbot/_internal/client.py", line 374, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3.8/site-packages/certbot/_internal/client.py", line 421, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 62, in handle_authorizations
achalls = self._choose_challenges(authzrs)
File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 204, in _choose_challenges
path = gen_challenge_path(
File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 319, in gen_challenge_path
return _find_smart_path(challbs, preferences, combinations)
File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 355, in _find_smart_path
_report_no_chall_path(challbs)
File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 394, in _report_no_chall_path
raise errors.AuthorizationError(msg)
certbot.errors.AuthorizationError: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
2021-08-17 21:03:57,170:INFO:certbot._internal.auth_handler:Performing the following challenges:
2021-08-17 21:03:57,171:CRITICAL:certbot._internal.auth_handler:Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
2021-08-17 21:03:57,172:ERROR:certbot._internal.renewal:Failed to renew certificate npm-3 with error: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
2021-08-17 21:03:57,174:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
File "/usr/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 471, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/usr/lib/python3.8/site-packages/certbot/_internal/main.py", line 1235, in renew_cert
renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
File "/usr/lib/python3.8/site-packages/certbot/_internal/main.py", line 124, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/usr/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 331, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
File "/usr/lib/python3.8/site-packages/certbot/_internal/client.py", line 374, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3.8/site-packages/certbot/_internal/client.py", line 421, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 62, in handle_authorizations
achalls = self._choose_challenges(authzrs)
File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 204, in _choose_challenges
path = gen_challenge_path(
File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 319, in gen_challenge_path
return _find_smart_path(challbs, preferences, combinations)
File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 355, in _find_smart_path
_report_no_chall_path(challbs)
File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 394, in _report_no_chall_path
raise errors.AuthorizationError(msg)
certbot.errors.AuthorizationError: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
2021-08-17 21:03:57,179:DEBUG:certbot.display.util:Notifying user:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2021-08-17 21:03:57,179:ERROR:certbot._internal.renewal:All renewals failed. The following certificates could not be renewed:
2021-08-17 21:03:57,180:ERROR:certbot._internal.renewal: /etc/letsencrypt/live/npm-2/fullchain.pem (failure)
/etc/letsencrypt/live/npm-3/fullchain.pem (failure)
2021-08-17 21:03:57,181:DEBUG:certbot.display.util:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2021-08-17 21:03:57,181:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 33, in <module>
sys.exit(load_entry_point('certbot==1.11.0', 'console_scripts', 'certbot')())
File "/usr/lib/python3.8/site-packages/certbot/main.py", line 15, in main
return internal_main.main(cli_args)
File "/usr/lib/python3.8/site-packages/certbot/_internal/main.py", line 1421, in main
return config.func(config, plugins)
File "/usr/lib/python3.8/site-packages/certbot/_internal/main.py", line 1318, in renew
renewal.handle_renewal_request(config)
File "/usr/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 496, in handle_renewal_request
raise errors.Error("{0} renew failure(s), {1} parse failure(s)".format(
certbot.errors.Error: 2 renew failure(s), 0 parse failure(s)
2021-08-17 21:03:57,183:ERROR:certbot._internal.log:2 renew failure(s), 0 parse failure(s)
some info are omitted but I can provide them if requested.
Steps to reproduce
Get a certificate from cloudflare with dns challange using your cloudflare api key.
Wait for it to expire.
Proposed changes
(If you have a proposed change, workaround or fix,
describe the rationale behind it)
Metadata
Metadata
Assignees
Labels
No labels