Error adding new domain to cert


#1

Please fill out the fields below so we can help you better.

I am having an issue when trying to add a new domain name to the existing cert it is giving me the error in the output section below. I haven’t had any issues with this up until now. I have used your services for several sites that are still currently working. Please help! :smiley: Thanks!

My domain is: schiller.ivanthemeh.com

I ran this command: ./letsencrypt-auto certonly --standalone --email ivan@ivanthemeh.com --expand -d site1.com, site2.com, site3.com, site4.com, newsite.com

It produced this output: ```The following errors were reported by the server:

Domain: schiller.ivanthemeh.com
Type: unauthorized
Detail: Incorrect validation certificate for TLS-SNI-01 challenge.
Requested
f9884861b11c0734a1706bea67df73b2.a9ed6d49526d0dcdd6bcf1ac0cd12076.acme.invalid
from 54.218.55.183:443. Received certificate containing
site1.com, site2.com, site3.com, site4.com

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.```

My operating system is (include version): ubuntu 14

My web server is (include version): amazon ec2

My hosting provider, if applicable, is: amazon

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


#2

You asked certbot / letsencrypt-auto to use standalone mode, but it seems like you have a real web server on schiller.ivanthemeh.com answering, not the certbot standalone mode code.

In standalone mode, the idea is that the certbot / letsencrypt-auto software acts as a web server long enough to pass the challenges and get a certificate. This is particularly useful if you don’t even run a web server normally (e.g. you want the certificate for an email server, or an IRC server, or something) but it can’t work if you already have and need a web server running to serve up your sites.

Consider other modes, such as apache mode (if you use a fairly standard Apache httpd setup, not sure if that’s possible on EC2) or nginx mode (only very new certbot versions, and again doubt it’s applicable to EC2) or maybe webroot mode, where the software just creates files in a chosen place on the filesystem and you need to arrange for your web server (whatever and wherever it is) to serve up those files when they’re requested over the Internet with HTTP (note not HTTPS).


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.