Correct zName not found for TLS SNI challenge

My1 · March 1, 2016, 10:21am

okay that one actually hurts. didnt know that.

Hackerace · March 1, 2016, 8:21pm

Here is what I get on the command line:
root@65shelbycobra:/home/ubuntu/Downloads/letsencrypt# ./letsencrypt-auto renew
Updating letsencrypt and virtual environment dependencies…
Running with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt renew
Processing /etc/letsencrypt/renewal/65shelbycobra.com.conf
2016-03-01 20:20:18,340:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/65shelbycobra.com.conf produced an unexpected error: Failed authorization procedure. 65shelbycobra.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Correct zName not found for TLS SNI challenge. Found ‘65shelbycobra.com’. Skipping.

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/65shelbycobra.com/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

The following errors were reported by the server:

Domain: 65shelbycobra.com
Type: unauthorized
Detail: Correct zName not found for TLS SNI challenge. Found
’65shelbycobra.com’

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
root@65shelbycobra:/home/ubuntu/Downloads/letsencrypt#

Hackerace · March 1, 2016, 8:31pm

Logs from latest try to renew

Domain: 65shelbycobra.com
Type: unauthorized
Detail: Correct zName not found for TLS SNI challenge. Found ‘65shelbycobra.com’

To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address.
2016-03-01 20:20:18,161:INFO:letsencrypt.auth_handler:Cleaning up challenges
2016-03-01 20:20:18,340:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/65shelbycobra.com.conf produced an unexpected error: Failed authorization procedure. 65shelbycobra.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Correct zName not found for TLS SNI challenge. Found ‘65shelbycobra.com’. Skipping.
2016-03-01 20:20:18,341:DEBUG:letsencrypt.cli:Traceback was:
Traceback (most recent call last):
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py”, line 1017, in renew
obtain_cert(lineage_config, plugins, renewal_candidate)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py”, line 706, in obtain_cert
_, action = _auth_from_domains(le_client, config, domains, lineage)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py”, line 457, in _auth_from_domains
new_certr, new_chain, new_key, _ = le_client.obtain_certificate(domains)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py”, line 252, in obtain_certificate
return self.obtain_certificate_from_csr(domains, csr) + (key, csr)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py”, line 225, in obtain_certificate_from_csr
authzr = self.auth_handler.get_authorizations(domains)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py”, line 84, in get_authorizations
self._respond(cont_resp, dv_resp, best_effort)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py”, line 142, in _respond
self._poll_challenges(chall_update, best_effort)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py”, line 204, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. 65shelbycobra.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Correct zName not found for TLS SNI challenge. Found ‘65shelbycobra.com’

2016-03-01 20:20:18,341:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
File “/root/.local/share/letsencrypt/bin/letsencrypt”, line 11, in
sys.exit(main())
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py”, line 1986, in main
return config.func(config, plugins)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py”, line 1034, in renew
len(renew_failures), len(parse_failures)))
Error: 1 renew failure(s), 0 parse failure(s)

AltairCA · March 2, 2016, 6:58am

Try to run the same command which when you request the certificate for the first time. and check whether your DNS A records IP which belong to the '65shelbycobra' and your vps IP is matched

AltairCA · March 2, 2016, 6:59am

can I know what is your web server is it Apache ?

Hackerace · March 2, 2016, 4:44pm

Apache on Ubuntu in the AWS cloud

Hackerace · March 2, 2016, 4:46pm

DNS A record is OK

I am not sure what you mean by “vps IP matched”?

AltairCA · March 2, 2016, 5:05pm

I am sorry for my English :3. I mean check wether VPS public ip is same as DNS A record ip

AltairCA · March 2, 2016, 5:07pm

ok if you use apache I have an tutorial which shows how to use the lets encrypt Apache plugin