Create certificate for a domain that is located on a different host


#1

root@debian:/home/solar/letsencrypt# ./letsencrypt-auto -d meralyemek.web.tr
Checking for new version…
Requesting root privileges to run letsencrypt…
/root/.local/share/letsencrypt/bin/letsencrypt -d meralyemek.web.tr
Failed authorization procedure. meralyemek.web.tr (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Correct zName not found for TLS SNI challenge. Found ‘www.firstmarca.com, firstmarca.com

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: meralyemek.web.tr
    Type: unauthorized
    Detail: Correct zName not found for TLS SNI challenge. Found
    www.firstmarca.com, firstmarca.com

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address.


#2

Take a look at the manual plugin.

You can use it with ./letsencrypt-auto certonly --manual -d example.com. It will ask you to place files under a certain path on the server where your domain is hosted, in order to verify ownership of the domain.

You’ll have to repeat those steps manually every 90 days.


#3

The alternate client https://github.com/srvrco/getssl was designed for automating installation on remote hosts (it does require ssh to securely transfer the challenge and then the certificates).

Alternatively it might be worth looking at the DNS challenge (supported by several of the alternate clients - I know the three bash ones do).


#4

Hey @engin,

just use the manual way to get the certificate:

letsencrypt certonly -a manual -d meralyemek.web.tr

certonly: Obtain cert, but do not install it

While using this mode, you need to publish a document on the target webserver to authenticate via file:

For example:
http://meralyemek.web.tr/.well-known/acme-challenge/{some_random_string}
with the shown content during the authentication process.
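
The file-based step described in the post above, as an added example that is not part of the original thread: a shell helper that checks the token and content shown by the client (assumed to follow the ACME http-01 format `token.thumbprint`), writes the challenge file into a local staging directory, and copies it to the host that serves the domain. The function names, the staging directory and the remote target are hypothetical.

```shell
#!/bin/sh
# Added example, not from the Let's Encrypt client.
# Usage (TOKEN and CONTENT are the values the client shows; remote is a placeholder):
#   stage_challenge "$TOKEN" "$CONTENT" ./staging &&
#       push_challenge ./staging www@remotehost:/var/www/example_site

# stage_challenge TOKEN CONTENT STAGING_DIR
# Writes STAGING_DIR/.well-known/acme-challenge/TOKEN and prints its path.
stage_challenge() {
    token=$1 keyauth=$2 staging=$3

    # The token becomes a file name: accept only base64url characters so a
    # pasted value can never contain "/" or ".." and leave the challenge dir.
    case $token in
        ''|*[!A-Za-z0-9_-]*) echo "rejected: bad token" >&2; return 1 ;;
    esac

    # Assumed format: "<token>.<account key thumbprint>". This catches
    # pasting the content of a different challenge next to this token.
    case $keyauth in
        "$token".?*) ;;
        *) echo "rejected: content does not start with token" >&2; return 1 ;;
    esac
    thumb=${keyauth#"$token".}
    case $thumb in
        *[!A-Za-z0-9_-]*) echo "rejected: bad thumbprint" >&2; return 1 ;;
    esac

    dir=$staging/.well-known/acme-challenge
    mkdir -p "$dir" || return 1
    # printf '%s' writes exactly the value and nothing else.
    printf '%s' "$keyauth" > "$dir/$token" || return 1
    # World-readable so the web server user can serve it.
    chmod 644 "$dir/$token" || return 1
    printf '%s\n' "$dir/$token"
}

# push_challenge STAGING_DIR REMOTE   (REMOTE looks like user@host:/path/to/webroot)
# Copies the staged .well-known tree into the remote webroot over ssh.
push_challenge() {
    scp -r "$1/.well-known" "$2/"
}
```

Before letting the client continue, fetch the challenge URL for the domain once and confirm the response body matches the staged file.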


#5

There’s also some work in progress to add remote webroot support (so you could say "send challenges via scp to www@remotehost:/var/www/example_site" or something). This will eventually be possible and then should be another alternative for some situations like this.

