chrismarget / certbot-asa

Cisco ASA plugin for certbot

AuthorizationError: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA #8

Open catalinpetrisor opened 6 years ago

catalinpetrisor commented 6 years ago

Hi,

First off, thanks for a great tutorial. I am getting the error below:

Do you have a workaround / fix for this?

Thanks again.


Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 9, in load_entry_point('certbot==0.20.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 861, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 698, in run
    certname, lineage)
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 85, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python2.7/site-packages/certbot/client.py", line 357, in obtain_and_enroll_certificate
    certr, chain, key, = self.obtain_certificate(domains)
  File "/usr/lib/python2.7/site-packages/certbot/client.py", line 318, in obtain_certificate
    self.config.allow_subset_of_names)
  File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 68, in get_authorizations
    self._choose_challenges(domains)
  File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 103, in _choose_challenges
    self.authzr[dom].body.combinations)
  File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 374, in gen_challenge_path
    return _find_smart_path(challbs, preferences, combinations)
  File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 411, in _find_smart_path
    _report_no_chall_path()
  File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 442, in _report_no_chall_path
    raise errors.AuthorizationError(msg)
AuthorizationError: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.

mishinev commented 6 years ago

@catalinpetrisor The problem is that Let's Encrypt disabled the TLS-SNI validation method used by this plugin, which unfortunately makes the certbot-asa plugin useless :-(

Here is the announcement from Let's Encrypt:

https://community.letsencrypt.org/t/2018-01-11-update-regarding-acme-tls-sni-and-shared-hosting-infrastructure/50188
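To make the failure in the traceback concrete, here is an added example (not part of the thread and not certbot's or the plugin's code) that models how a client matches the CA's offered challenge combinations against what the authenticator supports. The names `choose_challenges` and `NoChallengePath`, the sample authorizations, and the assumption that the plugin answers only `tls-sni-01` (taken from the comment above) are all illustrative.

```python
# Added illustration: simplified model of ACME challenge selection.
# choose_challenges and NoChallengePath are hypothetical names, not certbot's API.

class NoChallengePath(Exception):
    """No offered combination is fully covered by the authenticator."""

def choose_challenges(authz, supported):
    """Return the challenge types of the best satisfiable combination.

    authz:     dict with "challenges" (list of {"type": ...}) and
               "combinations" (lists of indices into "challenges"; completing
               every challenge in any one list satisfies the CA).
    supported: the authenticator's challenge types, most preferred first.
    """
    rank = {ctype: i for i, ctype in enumerate(supported)}
    best = None
    for combo in authz["combinations"]:
        types = [authz["challenges"][i]["type"] for i in combo]
        if not all(t in rank for t in types):
            continue  # at least one challenge here cannot be answered
        cost = sum(rank[t] for t in types)
        if best is None or cost < best[0]:
            best = (cost, types)
    if best is None:
        offered = sorted({c["type"] for c in authz["challenges"]})
        raise NoChallengePath(
            "CA offers %s; authenticator supports %s" % (offered, list(supported)))
    return best[1]

# Constructed sample authorizations (not captured from a real CA).
AUTHZ_WITH_TLS_SNI = {
    "challenges": [{"type": "tls-sni-01"}, {"type": "http-01"}, {"type": "dns-01"}],
    "combinations": [[0], [1], [2]],
}
AUTHZ_WITHOUT_TLS_SNI = {
    "challenges": [{"type": "http-01"}, {"type": "dns-01"}],
    "combinations": [[0], [1]],
}
ASA_SUPPORTED = ("tls-sni-01",)  # assumption based on the comment above

if __name__ == "__main__":
    print(choose_challenges(AUTHZ_WITH_TLS_SNI, ASA_SUPPORTED))
    try:
        choose_challenges(AUTHZ_WITHOUT_TLS_SNI, ASA_SUPPORTED)
    except NoChallengePath as exc:
        print("AuthorizationError equivalent:", exc)
```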

placidsolace commented 6 years ago

Are there any plans for "...moving to the HTTP validation method..." with regard to the certbot-asa plugin?

chrismarget commented 6 years ago

Using HTTP validation would require the ASA to serve arbitrary web pages at:

http://<your_domain>/.well-known/acme-challenge/<challenge_string>

If that's possible with an ASA, I don't know how to do it.

Fhajad commented 6 years ago

Seems there may need to be an update to this to state it won't work. I went through all the steps to get this set up and running, only to find this issue three hours after the fact.