Please fill out the fields below so we can help you better.
My domain is: nick.stat.cmu.edu, although it was previously kimolas.stat.cmu.edu. After I changed my domain, I deleted my old site and reran certbot. Now I am encountering a verification error.
I ran this command: sudo certbot --apache certonly
It produced this output:
Performing the following challenges:
tls-sni-01 challenge for nick.stat.cmu.edu
No vhost exists with servername or alias of: nick.stat.cmu.edu (or it's in a file with multiple vhosts, which Certbot can't parse yet). No vhost was selected. Please specify ServerName or ServerAlias in the Apache config, or split vhosts into separate files.
Falling back to default vhost *:443...
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. nick.stat.cmu.edu (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 742a80b5c16185f658bf33406ae83946.2818f3cebdc46fdb6b5881f78fe966b7.acme.invalid from 128.2.46.203:443. Received 2 certificate(s), first certificate had names "nick.stat.cmu.edu"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: nick.stat.cmu.edu
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
742a80b5c16185f658bf33406ae83946.2818f3cebdc46fdb6b5881f78fe966b7.acme.invalid
from 128.2.46.203:443. Received 2 certificate(s), first certificate
had names "nick.stat.cmu.edu"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version): Apache/2.4.25 (Unix)
The operating system my web server runs on is (include version): macOS 10.12.5
My hosting provider, if applicable, is: N/A
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): macOS Server
Certbot is having trouble parsing your Apache configuration. Can you find which Apache configuration file defines the VirtualHost nick.stat.cmu.edu, and post it here?
I changed it, but certbot still returns the same error message. In any case, the apache config file was generated by macOS Server and it was likely the same with my old site, for which certbot did work.
Thanks for all of your help! I was able to get around this by nuking my macOS Server install (deleting everything, including /Library/Server) and using --webroot instead of --apache.