Beginner attempting to update cert

petro · April 19, 2017, 11:54pm

Please fill out the fields below so we can help you better.

My domain is:

(mydomain).duckdns.org

I ran this command: ./certbot-auto certonly

I selected 2 as my option, then i entered my domain.

It produced this output:

Failed authorization procedure. (mydomain).duckdns.org (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 4886aac670d3081152603f307870e590.700aa689715a8c3f7266a0b92d14b88c.acme.invalid from 66.66.208.16:443. Received 2 certificate(s), first certificate had names "(mydomain).duckdns.org"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: (mydomain).duckdns.org
   Type:   unauthorized
   Detail: Incorrect validation certificate for tls-sni-01 challenge.
   Requested
   4886aac670d3081152603f307870e590.700aa689715a8c3f7266a0b92d14b88c.acme.invalid
   from (myip):443. Received 2 certificate(s), first certificate
   had names "(mydomain).duckdns.org"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.

My operating system is (include version):

PRETTY_NAME="Raspbian GNU/Linux 8 (jessie)"
NAME="Raspbian GNU/Linux"
VERSION_ID="8"
VERSION=“8 (jessie)”

My web server is (include version):

no clue, I set up letsencrypt. I don’t remember setting a web server up. Not knowing much about the ‘llingo’, I would assume that my web server is HomeAssistant. When I go to my domain, I see my Home Assistant page.

My hosting provider, if applicable, is:

No clue, see comment above.

I can login to a root shell on my machine (yes or no, or I don’t know):

yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

I don’t think I have one. I believe this is managed by HA.

Ultimately my problem is that I cannot update the cert. It’s giving me the above error and google searches turn up many different solutions revolving around apache or nginx. I don’t remember setting either of those up, let alone installing them.

schoen · April 20, 2017, 12:15am

Hi @petro,

Since you left your IP address there I was able to connect to your server and I see that you do have an existing cert from Let’s Encrypt.

Is it possible that you’ve previously followed the instructions at

or that newer versions of Home Assistant somehow do something like this automatically?

It looks like Home Assistant operates its own built-in web server, while when you ran certbot-auto, it at least thought you had Apache installed. (Maybe you do and maybe you don’t, but Home Assistant apparently isn’t using it to serve your site.)

jspenguin2017 · April 20, 2017, 1:47am

From HTTP header, your server software is:
Server: Python/3.4 aiohttp/1.3.1

So it’s probably a custom server. You can try to temporary shut down the server and use the standalone mode of Certbot.

system · May 20, 2017, 1:50am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.