Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: kingdomorganicseeds.com
I ran this command: certbot-auto --apache
It produced this output:
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): 5 6
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for kingdomorganicseeds.com
tls-sni-01 challenge for www.kingdomorganicseeds.com
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.kingdomorganicseeds.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested ca33dc6aef1f2e2172ae6e04fc0e2267.0b5430db61ff93336776d2c888124057.acme.invalid from 198.71.56.71:443. Received 2 certificate(s), first certificate had names " (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested d650d69e6b06edfe792f1f210e387801.f2d55813daeaec48e619262995df1537.acme.invalid from 198.71.56.71:443. Received 2 certificate(s), first certificate had names
IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain: www.kingdomorganicseeds.com
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
ca33dc6aef1f2e2172ae6e04fc0e2267.0b5430db61ff93336776d2c888124057.acme.invalid
from 198.71.56.71:443. Received 2 certificate(s), first certificate
had namesDomain: kingdomorganicseeds.com
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
d650d69e6b06edfe792f1f210e387801.f2d55813daeaec48e619262995df1537.acme.invalid
from 198.71.56.71:443. Received 2 certificate(s), first certificate
had names
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version):
Apach 2.2.15
The operating system my web server runs on is (include version):
CentOS 6.9
My hosting provider, if applicable, is:
1and1 VPS
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes I can login to root
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Im Using Webmin/Virtualmin to manage basic processes but didn’t realize they had a built in letsencrypt until after I used certbot. Now it forces me to use certbot.
My Log File Looks Like:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1885
Link: https://acme-v01.api.letsencrypt.org/acme/new-cert;rel="next"
Replay-Nonce: NJQ9Owi8Em4hvvcZJm3zqFd-59-V7gvyJ34mCUv2KRs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Mon, 12 Mar 2018 20:20:33 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 12 Mar 2018 20:20:33 GMT
Connection: keep-alive
b’{\n “identifier”: {\n “type”: “dns”,\n “value”: “www.kingdomorganicseeds.com”\n },\n “status”: “invalid”,\n “expires”: “2018-03-19T20:20:23Z”,\n “challenges”: [\n {\n “type”: “dns-01”,\n “status”: “pending”,\n $
2018-03-12 20:20:32,161:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:
Domain: www.kingdomorganicseeds.com
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge. Requested ca33dc6aef1f2e2172ae6e04fc0e2267.0b5430db61ff93336776d2c888124057.acme.invalid from 198.71.56.71:443. Received 2 certificate(s), first certificate had names "s$
Domain: kingdomorganicseeds.com
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge. Requested d650d69e6b06edfe792f1f210e387801.f2d55813daeaec48e619262995df1537.acme.invalid from 198.71.56.71:443. Received 2 certificate(s), first certificate had names "s$
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2018-03-12 20:20:32,161:INFO:certbot.auth_handler:Cleaning up challenges
2018-03-12 20:20:32,616:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/bin/letsencrypt”, line 11, in
load_entry_point(‘letsencrypt==0.7.0’, ‘console_scripts’, ‘letsencrypt’)()
File “/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/main.py”, line 1266, in main
return config.func(config, plugins)
File “/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/main.py”, line 1031, in run
certname, lineage)
File “/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/main.py”, line 118, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File “/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/client.py”, line 350, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File “/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/client.py”, line 294, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File “/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/client.py”, line 330, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File “/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/auth_handler.py”, line 82, in handle_authorizations
self._respond(resp, best_effort)
File “/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/auth_handler.py”, line 157, in _respond
self._poll_challenges(chall_update, best_effort)
File “/opt/eff.org/certbot/venv/lib64/python3.4/site-packages/certbot/auth_handler.py”, line 220, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. www.kingdomorganicseeds.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 chall$
I am using root to do this. All 7 of my other domains on this server was successfully used by certbot to create it’s new certificates. The first time trying to do these domains I hadn’t updated the DNS records. But I have since done this and check with DNS Stuff and other DNS webtools to ensure everyone has the right ip address and settings.
Creating a file in the .well-known/acme-challenge/ folder I can view the text file but the file certbot is supposed to be creating and inserting into this folder is not being created.