I have three security certificates for my website. One of them is for backend.ultimaterehabestimator.com, and I am having trouble renewing it. Here is my error message:
Failed authorization procedure. backend.ultimaterehabestimator.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested ae9a991ae61e815e2630db3baccbc2f9.93c0afcde5d1141e6b5d5223553efcaf.acme.invalid from 50.63.166.163:443. Received 2 certificate(s), first certificate had names "www.ultimaterehabestimator.com"
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: backend.ultimaterehabestimator.com
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
ae9a991ae61e815e2630db3baccbc2f9.93c0afcde5d1141e6b5d5223553efcaf.acme.invalid
from 50.63.166.163:443. Received 2 certificate(s), first
certificate had names "www.ultimaterehabestimator.com"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
If you request multiple domains in a single run of certbot, you’ll get them all on a single certificate; if you run certbot once per domain you’ll get a separate cert for each. I guess you must have done a mix of both, because you now have four certificates; one of them is valid for all three domains, while the other three are only valid for one domain each. They overlap, so if you wanted you could configure nginx (I’m assuming it’s nginx based on your server headers) to use the combined cert for all three domains, and delete the other three certs. Or you could point it at the individual certs for each domain and delete the combined one.
That being said, I don’t know why it would fail to renew. Perhaps it’s a bug in the --nginx plugin. What version of certbot are you using?
I’m using 0.17. I don’t see a straightforward way to update. I don’t understand if my domain (backend.ultimaterehabestimator.com) will expire in four days because that’s the day the last certificate expires, or whether the first certificate will cover the domain.
There are 3 currently valid certificates for that name:
Two of them expire January 9. One of them expires February 7.
You should ensure that your software is configured to use the newest one. Or use one of the other ones but ensure that renewing works (and renew it immediately).
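An added example, not part of the thread and not certbot's own code: it reads text in the layout printed by `certbot certificates` and reports which lineage covers a name with the latest expiry, and which lineages are superseded by another. The sample text, dates and example.com names are constructed.

```python
from datetime import datetime

# Constructed sample in the layout of `certbot certificates` output.
# Names and dates are illustrative, not taken from the thread.
SAMPLE = """\
Found the following certs:
  Certificate Name: www.example.com
    Domains: www.example.com backend.example.com api.example.com
    Expiry Date: 2018-01-09 10:15:00+00:00 (VALID: 4 days)
  Certificate Name: www.example.com-0001
    Domains: www.example.com
    Expiry Date: 2018-01-09 08:00:00+00:00 (VALID: 4 days)
  Certificate Name: backend.example.com
    Domains: backend.example.com
    Expiry Date: 2018-02-07 08:30:00+00:00 (VALID: 33 days)
  Certificate Name: api.example.com
    Domains: api.example.com
    Expiry Date: 2018-03-01 12:00:00+00:00 (VALID: 55 days)
"""

def parse_lineages(text):
    """Return one dict per lineage: name, set of domains, expiry (UTC)."""
    lineages, cur = [], None
    for line in text.splitlines():
        key, _, value = line.strip().partition(": ")
        if key == "Certificate Name":
            cur = {"name": value}
            lineages.append(cur)
        elif cur is not None and key == "Domains":
            cur["domains"] = set(value.split())
        elif cur is not None and key == "Expiry Date":
            # Keep only "YYYY-MM-DD HH:MM:SS"; drop offset and "(VALID: ...)".
            cur["expiry"] = datetime.strptime(value[:19], "%Y-%m-%d %H:%M:%S")
    return lineages

def best_for(domain, lineages):
    """Lineage covering `domain` that expires last, or None if uncovered."""
    covering = [l for l in lineages if domain in l["domains"]]
    return max(covering, key=lambda l: l["expiry"], default=None)

def superseded(lineages):
    """Names of lineages fully covered by another lineage that expires later."""
    return [l["name"] for l in lineages
            if any(m is not l and l["domains"] <= m["domains"]
                   and m["expiry"] > l["expiry"] for m in lineages)]

if __name__ == "__main__":
    certs = parse_lineages(SAMPLE)
    print("serve backend from:", best_for("backend.example.com", certs)["name"])
    print("safe to delete once unused:", superseded(certs))
```

The lineage name maps to the directory under `/etc/letsencrypt/live/`, which is what the web server's certificate path should point at.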