Domain: mail.skooly.es
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
889fc32fdfb1b0436ad1635ff8a427f5.d1cdfc58fb8146d3b9fd16305757c03f.acme.invalid
from 173.212.225.211:443. Received 1 certificate(s), first
certificate had names
"679cc0abe95d875aa2d4f67927193aa9.e4aedb119eb73dfee0f2e4299601a3c8.acme.invalid,
dummy"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
Hello,
I am new to the hosting stuff and just installed a VPS with 5 different domains set up as vhost on it. Websites run, and mail has been installed via Webcow.
The server runs DEBIAN 8 with Apache 2.4.
I tried the DNS challenge verification, but receive the error message above.
Must be due to the port 443, as currently the port is being used by the mailserver which I set up and which used the default installation snakeoil certificate.
Tried to sort it out myself reading some of the helpful entries here in this great community, but cannot solve it.
SSL engine is on, port 443 is open and run by mailserver.
ServerSignature off
TraceEnable off
AddDefaultCharset utf-8
ServerName "mail.skooly.es"
DocumentRoot /var/www/mail
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/mail/mail.crt
SSLCertificateKeyFile /etc/ssl/mail/mail.key
Do I need to turn it off during verification?
Or include something also for port 443?
certbot --apache requires port 443 to be usable by Apache. If it’s not, you should use a different method. If you need help choosing one, please let us know more about your server configuration in terms of the server software and ports that are in use.
Does this help?
So it should be usable port 443.
Yesterday I opened port 8443 for the mail server (instead of 443) to avoid any possible conflicts, restarted apache and the whole server, but I still get the same error message when running the DNS challenge.
I tried the DNS challenge verification, but receive the error message above.
Nope - you are trying to do a TLS-SNI challenge.
Certbot --apache will only work with TLS-SNI challenges.
Looking at your error, it's not related to ports but rather the SSL certificate that is generated.
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
889fc32fdfb1b0436ad1635ff8a427f5.d1cdfc58fb8146d3b9fd16305757c03f.acme.invalid
from 173.212.225.211:443. Received 1 certificate(s), first
certificate had names
"679cc0abe95d875aa2d4f67927193aa9.e4aedb119eb73dfee0f2e4299601a3c8.acme.invalid,
dummy"
If there was a conflict in ports, a certificate would not be available (none retrieved).
This suggests you are having SSL issues (are these new?)
You can run the webroot option as your HTTP connectivity is fine. This will get you a valid certificate and you can then enable HTTPS in the Apache configs
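Added example, not part of the original thread or of Certbot: a small Python parser for the error detail quoted above that compares the requested validation name with the names on the certificate the server actually returned. The function names and the result labels ("match", "other-challenge-cert", "non-challenge-cert") are assumptions made for this illustration.

```python
import re

# Sample input constructed from the error text quoted in this thread.
SAMPLE = (
    "Incorrect validation certificate for tls-sni-01 challenge. Requested "
    "889fc32fdfb1b0436ad1635ff8a427f5.d1cdfc58fb8146d3b9fd16305757c03f.acme.invalid "
    "from 173.212.225.211:443. Received 1 certificate(s), first certificate had names "
    '"679cc0abe95d875aa2d4f67927193aa9.e4aedb119eb73dfee0f2e4299601a3c8.acme.invalid, dummy"'
)

# Matches only the message shape shown on this page.
PATTERN = re.compile(
    r"Requested\s+(?P<requested>\S+)\s+from\s+(?P<addr>\S+?):(?P<port>\d+)\.\s+"
    r"Received\s+(?P<count>\d+)\s+certificate\(s\),\s+first\s+certificate\s+"
    r'had\s+names\s+"(?P<names>[^"]*)"'
)

def parse_detail(detail):
    """Return the fields of the mismatch error, or None for any other text."""
    # Collapse line wraps first: mail clients and forums re-wrap the message.
    m = PATTERN.search(" ".join(detail.split()))
    if not m:
        return None
    names = [n.strip() for n in m.group("names").split(",") if n.strip()]
    return {
        "requested": m.group("requested"),
        "addr": m.group("addr"),
        "port": int(m.group("port")),
        "count": int(m.group("count")),
        "names": names,
    }

def diagnose(detail):
    """Classify what answered on the TLS port (labels are hypothetical)."""
    fields = parse_detail(detail)
    if fields is None:
        return "unparsed"
    if fields["requested"] in fields["names"]:
        return "match"
    if any(n.endswith(".acme.invalid") for n in fields["names"]):
        # A challenge certificate was served, but for a different token,
        # so the listener works and the wrong validation cert is selected.
        return "other-challenge-cert"
    # Some unrelated certificate (for example a default vhost) answered.
    return "non-challenge-cert"

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```
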
thx for your reply and pointing out.
You are right with what you’re saying about the challenge.
Yes, the certificates are new, as the whole VPS server is for me.
I installed mailserver with Snakeoil certificates.
And then I tried Let's Encrypt TLS SNI challenge with certbot --apache several times.
And I think I even tried webroot challenge at some point.
Always with same error msg. Will try webroot again.
Can’t I simply delete the certificate 679cc0abe95d875aa2d4f67927193aa9.e4aedb119eb73dfee0f2e4299601a3c8.acme.invalid, dummy
which is generating the error msg?