I’ve got a DynDNS Pro account, which allows me to register a domain (I use hendersj.dyndns.org) and enable wildcards to specify multiple child records.
I was able to obtain a LetsEncrypt certificate for hendersj.dyndns.org, but I’m trying to expand that to include a host called dlhost.hendersj.dyndns.org (this is actually handled by a reverse proxy that uses the virtual host name to select a back-end webserver). It looks like dyndns creates this as a CName record pointing to the main A record for hendersj.dyndns.org.
When I run the client, I run:
sudo ./letsencrypt-auto certonly -d hendersj.dyndns.org -d dlhost.hendersj.dyndns.org --standalone
The result I get back is:
Failed authorization procedure. hendersj.dyndns.org (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Correct zName not found for TLS SNI challenge. Found hendersj.dyndns.org, dlhost.hendersj.dyndns.org (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Correct zName not found for TLS SNI challenge. Found hendersj.dyndns.org IMPORTANT NOTES: - The following 'urn:acme:error:unauthorized' errors were reported by the server: Domains: dlhost.hendersj.dyndns.org, hendersj.dyndns.org Error: The client lacks sufficient authorization
I also tried just using dlhost.hendersj.dyndns.org - but got the same result.
What am I missing here? Is what I’m trying to do possible?