Certbot failure: problem caused by apache 2.2 or exisitng cert?


#1

I’m running Apache 2.2 on Ubuntu 12.04.4 (Digital Ocean) and have an existing RapidSSL certificate installed. I’m getting the following error report when I run the given command. Is the existing certificate causing this problem, or the fact that the Apache server version is less than 2.4? (I’m trying to avoid the effort of upgrading the server only find it was caused by the existing RapidSSL certificate.)

Thanks for any help/guidance. Let me know if more information is needed.

devbisme@XESS1:~/certbot$ sudo ./certbot-auto --apache -d www.xess.com -d xess.com
[sudo] password for devbisme:
Failed authorization procedure. xess.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for TLS-SNI-01 challenge. Requested 53fe5f8452eee1d20b3117647ba52d20.a52e23be99ff287ad8160bb071464fee.acme.invalid from 192.241.200.6:443. Received certificate containing ‘www.xess.com, xess.com’, www.xess.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for TLS-SNI-01 challenge. Requested 10a4a0b5be73dd7f8a928a7571467990.87da1ac3f65693c3cf975fd5cdd4b1fd.acme.invalid from 192.241.200.6:443. Received certificate containing ‘www.xess.com, xess.com

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: xess.com
    Type: unauthorized
    Detail: Incorrect validation certificate for TLS-SNI-01 challenge.
    Requested
    53fe5f8452eee1d20b3117647ba52d20.a52e23be99ff287ad8160bb071464fee.acme.invalid
    from 192.241.200.6:443. Received certificate containing
    www.xess.com, xess.com

    Domain: www.xess.com
    Type: unauthorized
    Detail: Incorrect validation certificate for TLS-SNI-01 challenge.
    Requested
    10a4a0b5be73dd7f8a928a7571467990.87da1ac3f65693c3cf975fd5cdd4b1fd.acme.invalid
    from 192.241.200.6:443. Received certificate containing
    www.xess.com, xess.com

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address.


#2

The problem was caused by the Apache 2.2 server and not the existing RapidSSL certificate. I used the webroot option of certbot-auto and generated my certificate that way.


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.