Client does not support any combination of challenges that will satisfy the CA

It is because Let’s Encrypt has currently disabled the TLS-SNI-01 challenge due to an identified security issue.


If you’re serving files for that domain out of a directory on that server, you can run the following command:

certbot --authenticator webroot --webroot-path --installer nginx -d

If you’re not serving files out of a directory on the server, you can temporarily stop your server while you obtain the certificate and restart it after Certbot has obtained the certificate. This would look like:

certbot --authenticator standalone --installer nginx -d --pre-hook "service nginx stop" --post-hook "service nginx start"

If using apache:

certbot --authenticator standalone --installer apache -d --pre-hook "systemctl stop apache2" --post-hook "systemctl start apache2"


apache2ctl stop
letsencrypt --authenticator standalone --installer apache -d your.domain

Leave a Reply

Your email address will not be published. Required fields are marked *