Error: Incorrect validation certificate for TLS-SNI-01 challenge

Hello,

when running the following command on my server (Debian 8 Jessie with Apache):

certbot --apache -d www.hotel.bz.it -d hotel.bz.it -d www.suedtirolfueralle.it -d suedtirolfueralle.it -d www.altoadigepertutti.it -d altoadigepertutti.it -d www.southtyrolforall.com

I receive a bunch of error message, one for every domain name, like this one:

Domain: www.suedtirolfueralle.it
Type: unauthorized
Detail: Incorrect validation certificate for TLS-SNI-01 challenge.
Requested
3e8ede0335c0ded0d30e318f920f5e12.2ffb80a99a0653cafcc6095aa0c11b11.acme.invalid
from 217.199.23.137:443. Received certificate containing ‘’

What can I do to resolve this issue?

TIA

Wolfgang

Hi Wolfgang

Any particular reason why you have chosen the TLS SNI challenge?

Usually the DNS Challenge and the HTTP Challenge are much easier to implement.

If you have permission to access webroot folder, try to run

certbot certonly --webroot -w /var/www/example/ -d www.hotel.bz.it1 -d hotel.bz.it -d www.suedtirolfueralle.it1 -d suedtirolfueralle.it -d www.altoadigepertutti.it -d altoadigepertutti.it -d www.southtyrolforall.com

Remember to change /var/www/example/ to your REAL webroot path.

Hello,

this challenge was choosen by the certbot program itself.

It seems I have to to it the “old” way, but if I have to do this manually every 2 months a commercial certificate could be cheaper.

Wolfgang

Hello,

ok, will try it with this method.

On another server the old letsencrypt client worked like a charm… So it seems the apache plugin has some problems.
It would be a good idea to fix this so other would not incur in the same error.

Wolfgang

Hi,

the webroot method worked, but of course I had to configure Apache manually as with a commercial certificate. The very cool thing of the apache method is that is does this automatically.

Wolfgang

Hello,

I think I have found the solution.

In the apache site configuration was specified:

<VirtualHost :>

Change this to

<VirtualHost *:80>

restart your apache and the apache plugin will work.

Hope this helps someone!

Wolfgang

Hello,

the editor seems to have eaten something. The correct entry should be

<VirtualHost *:80>

instead of

<VirtualHost *:*>

Wolfgang

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.