I’ve been trying to get a certificate using a certificate signing request I’ve generated myself because I’ve been using public key pinning and want to keep the same key pair.
I ran into this issue where the csr had to be in der format and I’ve fixed that but now when I run the client
./letsencrypt-auto --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory auth --csr /home/michael/ssl/csr.der
I get an error message
Error: unauthorized :: The client lacks sufficient authorization :: Error creating new cert :: Authorizations for these names not found or expired: xo.tc
I’ve picked the ‘Automatically use a temporary webserver’ option and I can see it comes up with 200 when the well-known page is requested. I’ve seen other issues that look similar that are 'Name is not whitelisted’
but this is ‘Authorizations for these names not found or expired’ and I’ve checked the two domains names (xo.tc and www.xo.tc) are in the Closed Beta Invite email.
It fails when I run it with Apache as well. I can post the logs from
/var/log/letsencrypt if they will be of use.