Certificate name mismatch on a dedicated server


#1

Hello everybody,

I have a server with multiple domains using the certificate.

When trying to create a new certificate I get a error like this:

Domain: www.domain.com
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
c527720af5d9e6b111b0cc0916092ffe.413fcb115cfa99b02e9a42a5993630c4.acme.invalid
from XX.XX.XX.XX:443. Received 2 certificate(s), first
certificate had names “www.differentDomain.com

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

If I revoke a domain, will have a different domain with the same message.

Can somebody help me?

Thanks


#2

Hi,

What client are you currently using?

The error message seems to be that the tls-sni-01 (a depreciated challenge type) couldn’t validate the site.

If you are using certbot or certbot-auto, please add the flag after all arguments.

--preferred-challenges http

Thank you


#3

Debian 7

we are using certbot-auto

thanks


#4

Don’t revoke anything.
Your error is probably within the SNI handling.
As @stevenzhu suggested, try using an http challenge.

Otherwise, look for possible domain overlap or misconfiguration within the server_name|server_alias vhost entries.

See: https://www.ssllabs.com/ssltest/analyze.html?d=www.ayala.digital


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.