Certbot - Expected Certificate different from what presented - TLS-SNI challenge

I’m getting the following errors when running this command:

/root/letsencrypt/./certbot-auto --apache certonly --keep-until-expiring --email letsencrypt@mijncompletehuisstijl.nl --agree-tos -d mijncompletehuisstijl.nl -d www.mijncompletehuisstijl.nl -d schildersbedrijfverzonnen.nl -d www.schildersbedrijfverzonnen.nl -d relatievvaardig.nl -d www.relatievvaardig.nl -d zvvem.nl -d www.zvvem.nl

Failed authorization procedure. www.mijncompletehuisstijl.nl (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 976898d0c78b95a627bb609f425473d8.941dfa2253f1a974a913957daca01c17.acme.invalid from 94.176.237.72:443. Received 1 certificate(s), first certificate had names “cace76244022fdb6768c306fe2a11c4d.508b76a637e20a95c744b17053563a7a.acme.invalid, dummy”

IMPORTANT NOTES:

• The following errors were reported by the server:

  Domain: www.mijncompletehuisstijl.nl
  Type: unauthorized
  Detail: Incorrect validation certificate for tls-sni-01 challenge.
  Requested
  976898d0c78b95a627bb609f425473d8.941dfa2253f1a974a913957daca01c17.acme.invalid
  from 94.176.237.72:443. Received 1 certificate(s), first
  certificate had names
  "cace76244022fdb6768c306fe2a11c4d.508b76a637e20a95c744b17053563a7a.acme.invalid,
  dummy"

  To fix these errors, please make sure that your domain name was
  entered correctly and the DNS A record(s) for that domain
  contain(s) the right IP address.

I don’t know where to start to fix this, it worked perfectly when extending it when new websites were added to the project I’m working on. DNS settings have not changed, nor has the IP of the server.

Help?

Don’t know how or why, but running the command almost an hour later worked perfectly and no errors anymore. Maybe the DNS needed some more time updating? I don’t know, but my problem is solved.

Hi @vespino

Your issue is that what the certbot client configured vs whats what was configured was not lined up

Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
976898d0c78b95a627bb609f425473d8.941dfa2253f1a974a913957daca01c17.acme.invalid
from 94.176.237.72:443. Received 1 certificate(s), first
certificate had names
"cace76244022fdb6768c306fe2a11c4d.508b76a637e20a95c744b17053563a7a.acme.invalid,
dummy"

are you running tests at the same time as trying issuing certificates? If so that would explain the problem

Andrei

It’s no test that I’m running, I’m adding to an existing certificate.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.