Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is (-> there is a handful):
mail.dalsgaard-data.dk
blog.dalsgaard-data.dk
dalsgaard-data.dk
dalsgaard-data.eu
www.dalsgaard-data.eu
inotes.dalsgaard-data.dk
www.dalsgaard-data.dk
traveler.dalsgaard-data.dk
fangst.dalsgaard-data.dk
mobile.dalsgaard-data.dk
wc.dalsgaard-data.dk
test.dalsgaard-data.dk
I ran this command:
certbot renew
I have set up a cron job as well - but to keep things simple I logged in as root and tried to run the command manually.
It produced this output:
For each domain something similar to this:
Processing /etc/letsencrypt/renewal/wc.dalsgaard-data.dk.conf
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for wc.dalsgaard-data.dk
nginx: [warn] “ssl_stapling” ignored, issuer certificate not found for certificate “/var/lib/letsencrypt/J-qM95yrAA-B9nttyktwxTbxfC3Pxmk2e85VDcsrSyI.crt”
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (wc.dalsgaard-data.dk) from /etc/letsencrypt/renewal/wc.dalsgaard-data.dk.conf produced an unexpected error: Failed authorization procedure. wc.dalsgaard-data.dk (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested e395249512cab3384fc9aba5a0d05725.cdf05aa98367a3488d1a318f2f5aa65d.acme.invalid from 80.162.92.162:443. Received 2 certificate(s), first certificate had names “blog.dalsgaard-data.dk”. Skipping.
And then concludes with this resume:
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/mail.dalsgaard-data.dk/fullchain.pem (failure)
/etc/letsencrypt/live/blog.dalsgaard-data.dk/fullchain.pem (failure)
/etc/letsencrypt/live/dalsgaard-data.dk/fullchain.pem (failure)
/etc/letsencrypt/live/dalsgaard-data.eu/fullchain.pem (failure)
/etc/letsencrypt/live/www.dalsgaard-data.eu/fullchain.pem (failure)
/etc/letsencrypt/live/inotes.dalsgaard-data.dk/fullchain.pem (failure)
/etc/letsencrypt/live/www.dalsgaard-data.dk/fullchain.pem (failure)
/etc/letsencrypt/live/traveler.dalsgaard-data.dk/fullchain.pem (failure)
/etc/letsencrypt/live/fangst.dalsgaard-data.dk/fullchain.pem (failure)
/etc/letsencrypt/live/mobile.dalsgaard-data.dk/fullchain.pem (failure)
/etc/letsencrypt/live/wc.dalsgaard-data.dk/fullchain.pem (failure)
/etc/letsencrypt/live/test.dalsgaard-data.dk/fullchain.pem (failure)
12 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: blog.dalsgaard-data.dk
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
7de418c09703b324696d3222f8b1e335.23b489c717873338b7262b1def3948c2.acme.invalid
from 80.162.92.162:443. Received 2 certificate(s), first
certificate had names “blog.dalsgaard-data.dk”
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- The following errors were reported by the server:
Domain: dalsgaard-data.dk
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
8b265fb3a5b34ac235ff8e7455a623a6.11417616a610e921814c06e0e274cc22.acme.invalid
from 80.162.92.162:443. Received 2 certificate(s), first
certificate had names “blog.dalsgaard-data.dk”
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- The following errors were reported by the server:
Domain: dalsgaard-data.eu
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
1df083657988ed5a6d3469651016c41b.7ceae8ddddd65fa16e816eccf378bf98.acme.invalid
from 80.162.92.162:443. Received 2 certificate(s), first
certificate had names “blog.dalsgaard-data.dk”
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- The following errors were reported by the server:
Domain: fangst.dalsgaard-data.dk
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
272f28316c30a1e79aef1c65cf745c2f.e89f16a03611d22318630088ed76490c.acme.invalid
from 80.162.92.162:443. Received 2 certificate(s), first
certificate had names “blog.dalsgaard-data.dk”
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- The following errors were reported by the server:
Domain: inotes.dalsgaard-data.dk
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
15686ad4bb2490f423e9714556e25d57.1099c7ba8758571fac314520837c6398.acme.invalid
from 80.162.92.162:443. Received 2 certificate(s), first
certificate had names “blog.dalsgaard-data.dk”
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- The following errors were reported by the server:
Domain: mail.dalsgaard-data.dk
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
581000eebcd6390f0aae1bd2914375ab.885e35c3dc41bd57e86d55aa2e552bda.acme.invalid
from 80.162.92.162:443. Received 2 certificate(s), first
certificate had names “blog.dalsgaard-data.dk”
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- The following errors were reported by the server:
Domain: mobile.dalsgaard-data.dk
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
74b3ba19717ff70bd49a1c876aabbd74.eb8c827691fd543d8b1ac938d091359a.acme.invalid
from 80.162.92.162:443. Received 2 certificate(s), first
certificate had names “blog.dalsgaard-data.dk”
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- The following errors were reported by the server:
Domain: test.dalsgaard-data.dk
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
ea355f9fc8c2e82498dbac7ee008c57e.9f49674ed8c1a3ecb56195099d76495e.acme.invalid
from 80.162.92.162:443. Received 2 certificate(s), first
certificate had names “blog.dalsgaard-data.dk”
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- The following errors were reported by the server:
Domain: traveler.dalsgaard-data.dk
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
059603e8394aa0468815647c710c73a9.cf726a14db67c2921e14adbbdc476664.acme.invalid
from 80.162.92.162:443. Received 2 certificate(s), first
certificate had names “blog.dalsgaard-data.dk”
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- The following errors were reported by the server:
Domain: wc.dalsgaard-data.dk
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
e395249512cab3384fc9aba5a0d05725.cdf05aa98367a3488d1a318f2f5aa65d.acme.invalid
from 80.162.92.162:443. Received 2 certificate(s), first
certificate had names “blog.dalsgaard-data.dk”
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- The following errors were reported by the server:
Domain: www.dalsgaard-data.dk
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
d7b699b9ecaea44270dd406f66e05ce1.a386f079ab490a62aab3f140d69f8015.acme.invalid
from 80.162.92.162:443. Received 2 certificate(s), first
certificate had names “blog.dalsgaard-data.dk”
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- The following errors were reported by the server:
Domain: www.dalsgaard-data.eu
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
62a7542e07e74c0fc70120834022f374.36f88a62c4a71b8f88c5d3daf2622655.acme.invalid
from 80.162.92.162:443. Received 2 certificate(s), first
certificate had names “blog.dalsgaard-data.dk”
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version):
Nginx 1.14.0
The server is set up as a proxy in front of the websites (that reside on various other servers). I use the proxy to “lift off” the SSL.
The operating system my web server runs on is (include version):
CentOS Linux 7.5.1804
My hosting provider, if applicable, is:
… own servers
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
Further notes:
I am using certbot version 0.24.0.
The renewal worked last time (3 months ago).
I have disabled SSL for webmin on the proxy-server and disabled the generic website in Nginx (*.dalsgaard-data.dk).
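
Added example, not part of the original post and not certbot's own code: a small parser for the tls-sni-01 failure lines shown above that groups them by answering endpoint and by the certificate names served, which shows at a glance whether one certificate is being returned for every requested `.acme.invalid` name. The function names, `SAMPLE_LOG` and its hostnames and address are constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample in the format certbot printed above; hostnames are
# placeholders and the address is from the 192.0.2.0/24 documentation range.
_TEMPLATE = (
    "Attempting to renew cert ({d}) from /etc/letsencrypt/renewal/{d}.conf "
    "produced an unexpected error: Failed authorization procedure. {d} "
    "(tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient "
    "authorization :: Incorrect validation certificate for tls-sni-01 "
    "challenge. Requested {z}.acme.invalid from 192.0.2.10:443. Received 2 "
    "certificate(s), first certificate had names \u201c{served}\u201d. Skipping."
)
SAMPLE_LOG = "\n".join(
    _TEMPLATE.format(d=d, z=f"{i:032x}.{i + 7:032x}", served="blog.example.com")
    for i, d in enumerate(["wc.example.com", "mail.example.com", "example.org"])
)

# Accepts both straight and typographic quotes around the served names.
FAILURE = re.compile(
    r"(?P<domain>[\w.-]+) \(tls-sni-01\):.*?"
    r"Requested (?P<sni>[0-9a-f]{32}\.[0-9a-f]{32}\.acme\.invalid) "
    r"from (?P<ip>\S+):(?P<port>\d+)\. "
    r"Received \d+ certificate\(s\), first certificate had names "
    r"[\"\u201c](?P<names>[^\"\u201d]+)[\"\u201d]"
)

def group_failures(log_text):
    """Map (ip, port, served names) -> list of (domain, requested SNI)."""
    flat = " ".join(log_text.split())  # undo certbot's line wrapping
    groups = defaultdict(list)
    for m in FAILURE.finditer(flat):
        served = tuple(n.strip() for n in m["names"].split(","))
        groups[(m["ip"], int(m["port"]), served)].append((m["domain"], m["sni"]))
    return dict(groups)

def same_cert_for_every_sni(groups):
    """True when one endpoint returned one certificate for all challenges."""
    return len(groups) == 1 and len(next(iter(groups.values()))) > 1

if __name__ == "__main__":
    found = group_failures(SAMPLE_LOG)
    for (ip, port, served), hits in found.items():
        print(f"{ip}:{port} served {served} for {len(hits)} challenge name(s)")
    print("same certificate for every SNI:", same_cert_for_every_sni(found))
```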