{"id":982,"date":"2018-01-31T13:00:52","date_gmt":"2018-01-31T13:00:52","guid":{"rendered":"http:\/\/chewett.co.uk\/blog\/?p=982"},"modified":"2018-01-30T21:36:20","modified_gmt":"2018-01-30T21:36:20","slug":"fixing-letsencrypt-validation-failed-selected-authenticator-not-support-combination-challenges","status":"publish","type":"post","link":"https:\/\/chewett.co.uk\/blog\/982\/fixing-letsencrypt-validation-failed-selected-authenticator-not-support-combination-challenges\/","title":{"rendered":"Fixing Letsencrypt validation failed with selected authenticator does not support any combination of challenges"},"content":{"rendered":"<p>This post goes through the steps of fixing Letsencrypt with the issue &#8220;Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.&#8221;.<\/p>\n<h2>Why Letsencrypt fails to validate domains<\/h2>\n<p>When trying to set up a new https website with Letsencrypt you may get a failure about the &#8220;tls-sni-01 challenge&#8221;. The full text of the error is below:<\/p>\n<pre>Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.<\/pre>\n<p>This may occur because the standard validation has now <a href=\"https:\/\/community.letsencrypt.org\/t\/2018-01-11-update-regarding-acme-tls-sni-and-shared-hosting-infrastructure\/50188\">been disabled by Letsencrypt<\/a>. 
This is down to security issues with the original primary authenticator.<\/p>\n<p>To validate new domains you will need to configure which authenticator certbot uses by default.<\/p>\n<h2>Fixing the problem for new validations<\/h2>\n<p>While new changes for certbot are being pushed out, there is a way to use other authentication methods.<\/p>\n<p>In Fedora you can run the following command to add a new certificate for apache:<\/p>\n<pre>certbot --authenticator standalone --installer apache --pre-hook \"systemctl stop httpd\" --post-hook \"systemctl start httpd\"<\/pre>\n<p>The <code>authenticator<\/code> flag makes certbot use the standalone authenticator. This is currently accepted as it doesn&#8217;t have the security flaws.<\/p>\n<p>The <code>installer<\/code> flag tells letsencrypt to set up the certificate for apache. This can be changed to nginx or any other supported webserver.<\/p>\n<p>The final parts, <code>pre-hook<\/code> and <code>post-hook<\/code>, are used to stop and start the webserver so it properly reloads the modified configuration. These can be omitted, but for apache on Fedora they are sometimes required so it knows how to properly reload it. If you get errors without these hooks, you will want to try adding them. 
This may need to be changed for different webservers.<\/p>\n<p>Hopefully this should help you set up new https websites using Letsencrypt in the meantime.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This post goes through the steps of fixing Letsencrypt with the issue &#8220;Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.&#8221;.<\/p>\n","protected":false},"author":1,"featured_media":983,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[3],"tags":[68,107,113,110,111,112],"class_list":["post-982","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-fixes","tag-apache","tag-autossl","tag-free-ssl-certificate","tag-lets-encrypt","tag-ssl","tag-ssl-certificate"],"wppr_data":{"cwp_meta_box_check":"No"},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/01\/fixing_letsencrypt_fedora.jpg?fit=800%2C800&ssl=1","jetpack_shortlink":"https:\/\/wp.me\/p2toWX-fQ","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":490,"url":"https:\/\/chewett.co.uk\/blog\/490\/setting-ssl-certbot-apache-fedora\/","url_meta":{"origin":982,"position":0},"title":"Setting 
up SSL with certbot with Apache and Fedora","author":"Chewett","date":"August 16, 2017","format":false,"excerpt":"This post describes how to set \u00a0up a SSL certificate with Certbot on Apache and Fedora. The guide primarily follows the guide on the certbot website however adds some additional information for if auto configuration fails. Running Certbot on Fedora On Fedora running certbot is relatively easy as it is\u2026","rel":"","context":"In &quot;Informational&quot;","block_context":{"text":"Informational","link":"https:\/\/chewett.co.uk\/blog\/category\/informational\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2017\/08\/ssl_with_apache_fedora_and_certbot.jpg?fit=800%2C800&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2017\/08\/ssl_with_apache_fedora_and_certbot.jpg?fit=800%2C800&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2017\/08\/ssl_with_apache_fedora_and_certbot.jpg?fit=800%2C800&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2017\/08\/ssl_with_apache_fedora_and_certbot.jpg?fit=800%2C800&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":297,"url":"https:\/\/chewett.co.uk\/blog\/297\/lets-encrypt-auto-ssl-web-host-manager-cpanel-server\/","url_meta":{"origin":982,"position":1},"title":"Let&#8217;s Encrypt Auto SSL on Web Host Manager CPanel Server","author":"Chewett","date":"May 12, 2017","format":false,"excerpt":"This blog post describes how to set up free SSL certificates on a Web Host Manager CPanel server. This requires root access to the server, if you don't have access to this then you must ask your service provider to install it for you. What is Let's Encrypt? 
Let's Encrypt\u2026","rel":"","context":"In &quot;Informational&quot;","block_context":{"text":"Informational","link":"https:\/\/chewett.co.uk\/blog\/category\/informational\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":921,"url":"https:\/\/chewett.co.uk\/blog\/921\/error-accessing-hp-ilo3-error-err_ssl_bad_record_mac_alert-problem-fixed\/","url_meta":{"origin":982,"position":2},"title":"Error accessing HP iLO3 with error ERR_SSL_BAD_RECORD_MAC_ALERT Problem Fixed","author":"Chewett","date":"December 27, 2017","format":false,"excerpt":"This post describes how to access a HP iLO3 webpage when all your webrowsers give the ERR_SSL_BAD_RECORD_MAC_ALERT error. Why this problem occurs Web browsers will give the ERR_SSL_BAD_RECORD_MAC_ALERT warning when visiting websites that use an older version of OpenSSL to provide the SSL connection. This will typically stop your computer\u2026","rel":"","context":"In &quot;Fixes&quot;","block_context":{"text":"Fixes","link":"https:\/\/chewett.co.uk\/blog\/category\/fixes\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/01\/fixing_hp_ilo3_ssl.jpg?fit=800%2C800&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/01\/fixing_hp_ilo3_ssl.jpg?fit=800%2C800&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/01\/fixing_hp_ilo3_ssl.jpg?fit=800%2C800&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/01\/fixing_hp_ilo3_ssl.jpg?fit=800%2C800&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":854,"url":"https:\/\/chewett.co.uk\/blog\/854\/installing-root-certificate-authority-firefox\/","url_meta":{"origin":982,"position":3},"title":"Installing a Root Certificate Authority in Firefox","author":"Chewett","date":"November 18, 2017","format":false,"excerpt":"Firefox, unlike many other applications, keeps a 
store of its own trusted root certificate authorities. This means that adding a new root certificate to the operating system will not work. This post runs through how to add a new root certificate to Firefox. Why we need to add a Root\u2026","rel":"","context":"In &quot;Informational&quot;","block_context":{"text":"Informational","link":"https:\/\/chewett.co.uk\/blog\/category\/informational\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2017\/11\/installing_root_ca_firefox.jpg?fit=800%2C800&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2017\/11\/installing_root_ca_firefox.jpg?fit=800%2C800&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2017\/11\/installing_root_ca_firefox.jpg?fit=800%2C800&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2017\/11\/installing_root_ca_firefox.jpg?fit=800%2C800&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":1449,"url":"https:\/\/chewett.co.uk\/blog\/1449\/installing-a-root-certificate-authority-on-fedora-28\/","url_meta":{"origin":982,"position":4},"title":"Installing a Root Certificate Authority on Fedora 28","author":"Chewett","date":"August 15, 2018","format":false,"excerpt":"This post documents the process of installing a Root Certification Authority on Fedora 28. Adding a Root Certificate Authority to Fedora 28 First you must obtain the PEM file for your root certificate. 
This will either need to be created by you or will be given to you by your\u2026","rel":"","context":"In &quot;Informational&quot;","block_context":{"text":"Informational","link":"https:\/\/chewett.co.uk\/blog\/category\/informational\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/08\/installing_root_ca_fedora28.jpg?fit=800%2C800&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/08\/installing_root_ca_fedora28.jpg?fit=800%2C800&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/08\/installing_root_ca_fedora28.jpg?fit=800%2C800&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2018\/08\/installing_root_ca_fedora28.jpg?fit=800%2C800&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":841,"url":"https:\/\/chewett.co.uk\/blog\/841\/installing-root-certificate-authority-fedora-26\/","url_meta":{"origin":982,"position":5},"title":"Installing a Root Certificate Authority on Fedora 26","author":"Chewett","date":"November 11, 2017","format":false,"excerpt":"This post documents the process of installing a Root Certification Authority on Fedora 26. Adding a Root Certification Authority to Fedora 26 First you must obtain the PEM file for your root certificate. 
This will either need to be created by you or will be given to you by your\u2026","rel":"","context":"In &quot;Informational&quot;","block_context":{"text":"Informational","link":"https:\/\/chewett.co.uk\/blog\/category\/informational\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2017\/11\/installing_root_ca_fedora.jpg?fit=800%2C800&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2017\/11\/installing_root_ca_fedora.jpg?fit=800%2C800&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2017\/11\/installing_root_ca_fedora.jpg?fit=800%2C800&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/chewett.co.uk\/blog\/wp-content\/uploads\/2017\/11\/installing_root_ca_fedora.jpg?fit=800%2C800&ssl=1&resize=700%2C400 2x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/posts\/982","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=982"}],"version-history":[{"count":2,"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/posts\/982\/revisions"}],"predecessor-version":[{"id":985,"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/posts\/982\/revisions\/985"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/media\/983"}],"wp:attachment":[{"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=982"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/chewett.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=982"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\
/chewett.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=982"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}