Let’s Encrypt – “does not support any combination of challenges”

Note: If you consider using Let’s Encrypt, please understand it will ask to register your IP in a public database. You may want consider changing your IP for a public production system, or consider a system like Cloudflare origin certificates.

To remedy the error received when attempting to get a certificate: “Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.” you must follow these commands to update certbot to certbot-auto.

History: As of January 9th, 2018, Let’s Encrypt no longer supports the certbot installed due to potential issues of clients obtaining fake certificates. Read the Let’s Encrypt Offical Notice: >>

From CLI:

sudo wget https://dl.eff.org/certbot-auto

sudo mv ./certbot-auto /usr/bin/

sudo chmod 755 /usr/bin/certbot-auto

sudo chown root:root /usr/bin/certbot-auto


sudo certbot-auto --apache -d yourdomain.com

sudo certbot-auto --nginx -d yourdomain.com

Replace yourdomain with your domain or subdomain.

These commands update the certbot client to cerbot-auto, and at the same time allows you to request a new certificate. All the other pre- Let’s Encrypt procedures as outlined in our directions still apply.

For those with seeking High Availability e-commerce solutions, it may be in your best interest to purchase a certificate. Free certs are great for development and test environments.

Note: For newer deployments of Ubuntu, i.e. 22 LTS, you may have to once again use certbot.