Note: If you consider using Let’s Encrypt, please understand it will ask to register your IP in a public database. You may want consider changing your IP for a public production system, or consider a system like Cloudflare origin certificates.
To remedy the error received when attempting to get a certificate: “Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.” you must follow these commands to update certbot to certbot-auto.
History: As of January 9th, 2018, Let’s Encrypt no longer supports the certbot installed due to potential issues of clients obtaining fake certificates. Read the Let’s Encrypt Offical Notice: >>
From CLI:
sudo wget https://dl.eff.org/certbot-auto
sudo mv ./certbot-auto /usr/bin/
sudo chmod 755 /usr/bin/certbot-auto
sudo chown root:root /usr/bin/certbot-auto
LAMP or LEMP
sudo certbot-auto --apache -d yourdomain.com
sudo certbot-auto --nginx -d yourdomain.com
Replace yourdomain with your domain or subdomain.
These commands update the certbot client to cerbot-auto, and at the same time allows you to request a new certificate. All the other pre- Let’s Encrypt procedures as outlined in our directions still apply.
For those with seeking High Availability e-commerce solutions, it may be in your best interest to purchase a certificate. Free certs are great for development and test environments.
Note: For newer deployments of Ubuntu, i.e. 22 LTS, you may have to once again use certbot.