Cannot create certificate with 4 domains

My domain is:

  • scrtcrcl.com,
  • *.scrtcrcl.com,
  • secretcircle.solutions,
  • *.secretcircle.solutions

I ran this command:
I use https://github.com/fszlin/certes via https://github.com/sjkp/letsencrypt-azure

It produced this output:
Certes.AcmeException: 'Can not finalize order with status 'Invalid'.'
Because the challenge validation status of the last validated domain is Invalid

My web server is (include version):
IIS Express 10

The operating system my web server runs on is (include version):
Windows 10 2004

1 Like

But if I reduce the list of domains to any 3 of them it succeed

1 Like

Welcome to the Let’s Encrypt Community :slightly_smiling_face:

It seems like you may not have gotten the right DNS TXT record for the last one. Keep in mind that the order of the authorizations/challenges presented in the order may vary from the order you present them to the client.

You should have 4 TXT records:

  • _acme-challenge.scrtcrcl.com token a
  • _acme-challenge.scrtcrcl.com token b
  • _acme-challenge.secretcircle.solutions token c
  • _acme-challenge.secretcircle.solutions token d

Notice that the two wildcards use the base domain.

Since you’ve already succeeded at three of the challenges, their successes will be cached. Thus you only need to fulfill the one remaining challenge.

1 Like

I’m not seeing a certificate that includes 3 domains (under X509v3 Subject Alternative Name) for those you’ve listed. :thinking: Were you generating test/staging certificates when you were trying the combinations of three?

https://crt.sh/?q=scrtcrcl.com

https://crt.sh/?q=secretcircle.solutions

1 Like

Which 3 - Which one did you leave out?
If you do that 1 by itself does it still fail?

1 Like

I got 2 production certificates yesterday:

  • scrtcrcl.com + *.scrtcrcl.com,
  • secretcircle.solutions + *.secretcircle.solutions

I got successfully *.scrtcrcl.com + * secretcircle.solutions + *.secretcircle.solutions on Let’s Encrypt staging

1 Like

I didn’t try but I’m pretty sure that any combination of 3 will work. I can check if you want.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.