Can't get cert for second domain on server (ipv4&6)

I have one domain working with let’s encrypt certificate.
When I try to add a second domain and get a new cert, I get this error running certbot from ubuntu ppa.
certbot --nginx -d -d
I also tried certonly with same failure
Failed authorization procedure. (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 17b38814d1013165c0016f5a60364524.fd5416e64dfc7efbbdfe1e754e545c40.acme.invalid from [**ipv6_address_obfuscated**]:443. Received 2 certificate(s), first certificate had names ","

Linode Ubuntu 16.04.3 vps with ipv4 & ipv6 capability
nginx 1.10.3 installed using easyengine
DNS for fuelthebodywell is on linode dns
DNS for marketingmedicinewoman is on cloudflare with cloudflare paused. Only dns service is being used.
both A and AAAA records exist for both domains.
both sites show up in webbrowser
.well-known is accessible when tested with text file.

DNS appears to pass all tests:

netstat -na|grep -i listen|grep tcp
tcp 0 0* LISTEN
tcp 0 0* LISTEN
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::443 :::* LISTEN

Hi @AntoniosHadji,

Could you post the log file from /var/log/letsencrypt?

attached log file from run of:
sudo certbot --nginx -d -d

letsencrypt.log.txt (36.4 KB)

I tried again today with the command:
sudo certbot --nginx
Here are the log files.
letsencrypt.log.txt (32.6 KB)

The server is currently serving other domains and each has both ipv4 and ipv6 dns setup. The domain fuelthebodywell is the only one currently running on https using letsencrypt.

The virtual host in your nginx config seems to be missing IPv6 entries like your other host.

Maybe add:

listen [::]:80;
listen [::]:443 ssl;

whereever they are missing.

(I couldn’t actually reproduce any IPv6 issues to your domain so this may not be the problem, but the domain that is missing these entries just redirects so it might be hard for me to notice them.)

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.