Certificate name mismatch on a dedicated server

ayaladigital · October 19, 2018, 6:17pm

Hello everybody,

I have a server with multiple domains using the certificate.

When trying to create a new certificate I get a error like this:

Domain: www.domain.com
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
c527720af5d9e6b111b0cc0916092ffe.413fcb115cfa99b02e9a42a5993630c4.acme.invalid
from XX.XX.XX.XX:443. Received 2 certificate(s), first
certificate had names “www.differentDomain.com”

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

If I revoke a domain, will have a different domain with the same message.

Can somebody help me?

Thanks

stevenzhu · October 19, 2018, 7:35pm

Hi,

What client are you currently using?

The error message seems to be that the tls-sni-01 (a depreciated challenge type) couldn’t validate the site.

If you are using certbot or certbot-auto, please add the flag after all arguments.

--preferred-challenges http

Thank you

ayaladigital · October 19, 2018, 8:06pm

Debian 7

we are using certbot-auto

thanks

rg305 · October 20, 2018, 3:25am

Don't revoke anything.
Your error is probably within the SNI handling.
As @stevenzhu suggested, try using an http challenge.

Otherwise, look for possible domain overlap or misconfiguration within the server_name|server_alias vhost entries.

See: SSL Server Test: www.ayala.digital (Powered by Qualys SSL Labs)

system · November 19, 2018, 3:37am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.