Can we create a certificate for CNAME records also with letsencrypt.org?


#1

While running the command below to generate certificates for stg01-api.mykaarma.com

./certbot-auto certonly --standalone -d stg01-api.mykaarma.com

I am getting the errors below.

Failed authorization procedure. stg01-api.mykaarma.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for TLS-SNI-01 challenge. Requested b253457ce6b866d8b765a5674fd56f65.0ca9eb22027d84ef2a2b6a22c9a272a2.acme.invalid from 74.80.237.3:443. Received certificate containing ‘api-qa.mykaarma.com, www.api-qa.mykaarma.com

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: stg01-api.mykaarma.com
    Type: unauthorized
    Detail: Incorrect validation certificate for TLS-SNI-01 challenge.
    Requested
    b253457ce6b866d8b765a5674fd56f65.0ca9eb22027d84ef2a2b6a22c9a272a2.acme.invalid
    from 74.80.237.3:443. Received certificate containing
    api-qa.mykaarma.com, www.api-qa.mykaarma.com

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address.

This is the DNS entry I got from DNS-TEAM:

KY000634-LM-AL:~ amit.sharma$ dig stg01-api.mykaarma.com

; <<>> DiG 9.8.3-P1 <<>> stg01-api.mykaarma.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47987
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;stg01-api.mykaarma.com. IN A

;; ANSWER SECTION:
stg01-api.mykaarma.com. 976 IN CNAME api-qa.mykaarma.com.
api-qa.mykaarma.com. 976 IN CNAME pubip02.ic2irv.kaar-ma.com.
pubip02.ic2irv.kaar-ma.com. 3592 IN A 74.80.237.3

;; Query time: 83 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Jan 4 13:27:05 2017
;; MSG SIZE rcvd: 114

We already have certificates for api-qa.mykaarma.com that we purchased from COMODO.

Please help!!

Thanks,
Amit
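
The error in post #1 reports that the validation server connected to 74.80.237.3, the address at the end of the CNAME chain in the dig output. As an added example (not part of the thread and not certbot code), this Python script parses that answer section, follows the CNAME chain, and checks whether the resulting address belongs to the machine running `certbot --standalone`. The function names and the 192.0.2.10 host address are constructed for illustration, and the caller is assumed to know which public addresses reach the certbot host.

```python
import re

# Answer section copied from the dig output in the post above.
DIG_ANSWER = """\
stg01-api.mykaarma.com. 976 IN CNAME api-qa.mykaarma.com.
api-qa.mykaarma.com. 976 IN CNAME pubip02.ic2irv.kaar-ma.com.
pubip02.ic2irv.kaar-ma.com. 3592 IN A 74.80.237.3
"""
RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(CNAME|A|AAAA)\s+(\S+)$")

def parse_answer(text):
    """Return {owner: [(type, rdata), ...]} for CNAME/A/AAAA lines."""
    records = {}
    for line in text.splitlines():
        m = RR.match(line.strip())
        if m:
            owner, rtype, rdata = m.groups()
            if rtype == "CNAME":
                rdata = rdata.lower().rstrip(".")
            records.setdefault(owner.lower().rstrip("."), []).append((rtype, rdata))
    return records

def follow_chain(name, records, max_hops=8):
    """Follow CNAMEs from name; return (names_visited, terminal_addresses)."""
    current = name.lower().rstrip(".")
    chain = [current]
    for _ in range(max_hops):
        rrs = records.get(current, [])
        cnames = [r for t, r in rrs if t == "CNAME"]
        if not cnames:
            return chain, [r for t, r in rrs if t in ("A", "AAAA")]
        current = cnames[0]
        if current in chain:
            raise ValueError("CNAME loop at " + current)
        chain.append(current)
    raise ValueError("CNAME chain longer than %d hops" % max_hops)

def validation_reaches_host(name, records, host_addresses):
    """True only if every address the name resolves to is one of this host's."""
    _, addrs = follow_chain(name, records)
    return bool(addrs) and set(addrs) <= set(host_addresses)

if __name__ == "__main__":
    recs = parse_answer(DIG_ANSWER)
    chain, addrs = follow_chain("stg01-api.mykaarma.com", recs)
    print(" -> ".join(chain), "=>", addrs)
    # 192.0.2.10 is a constructed placeholder for the certbot host's address.
    print(validation_reaches_host("stg01-api.mykaarma.com", recs, ["192.0.2.10"]))
```

A `False` result means the CA's validation connection lands on a different server than the one running the standalone listener, which matches the "Received certificate containing api-qa.mykaarma.com" detail in the error.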


#2

Hi Amit,

Try the DNS or HTTP challenge instead of the TLS-SNI challenge.


#3

Thanks @ahaw021

./certbot-auto certonly -d stg01-api.mykaarma.com --standalone-supported-challenges dns-01 or http-01

Is this the right command? ^

