My domain is: mydomain.com
My server nc is behind an nginx reverse proxy configured with these instructions(https://www.techandme.se/set-up-nginx-reverse-proxy/) and there appears to be a conflict with my server json which I am unsure how to resolve.
I ran this command:
certbot renew --no-self-upgrade > /var/log/letsencrypt/renew.log 2>&1
It produced this output:
Log file (/var/log/syslog):
Apr 1 16:09:32 nc systemd[1]: Stopping The Apache HTTP Server...
Apr 1 16:09:32 nc apachectl[22564]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using nc.mydomain.com. Set the 'ServerName' directive globally to suppress this message
Apr 1 16:09:32 nc systemd[1]: Stopped The Apache HTTP Server.
Apr 1 16:09:37 nc systemd[1]: Starting The Apache HTTP Server...
Apr 1 16:09:37 nc apachectl[22604]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using nc.mydomain.com. Set the 'ServerName' directive globally to suppress this message
Apr 1 16:09:37 nc systemd[1]: Started The Apache HTTP Server.
Log file (/var/log/letsencrypt/renew.log)
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/nc.mydomain.com.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Running pre-hook command: service apache2 stop
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for nc.mydomain.com
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (nc.mydomain.com) from /etc/letsencrypt/renewal/nc.mydomain.com.conf produced an unexpected error: Failed authorization procedure. nc.mydomain.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 80c537b06f49c5279b406dd02d6496ce.482d5b1bb770e5cd186bd6e430af5c9c.acme.invalid from 24.193.26.188:443. Received 2 certificate(s), first certificate had names "json.mydomain.com". Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/nc.mydomain.com/fullchain.pem (failure)
-------------------------------------------------------------------------------
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/nc.mydomain.com/fullchain.pem (failure)
-------------------------------------------------------------------------------
Running post-hook command: service apache2 start
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: nc.mydomain.com
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
nlRk9KQ2p4tY9WorBYoczUYqgDajtIuk.uzNwMwLhjBQeQMir98WPWc3l3BirL1g1.acme.invalid
from 46.23.894.11:443. Received 2 certificate(s), first
certificate had names "json.mydomain.com"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version): Apache/2.4.33 (Ubuntu)
The operating system my web server runs on is (include version): Ubuntu 16.04.4
My hosting provider, if applicable, is: self
I can login to a root shell on my machine: yes
I’m using a control panel to manage my site: no
Many thanks to any who can help! I also ran it without the no-self-upgrade switch with the same result.