Error: Incorrect validation certificate for TLS-SNI-01 challenge

wriedmann · September 24, 2016, 2:57pm

Hello,

when running the following command on my server (Debian 8 Jessie with Apache):

certbot --apache -d www.hotel.bz.it -d hotel.bz.it -d www.suedtirolfueralle.it -d suedtirolfueralle.it -d www.altoadigepertutti.it -d altoadigepertutti.it -d www.southtyrolforall.com

I receive a bunch of error message, one for every domain name, like this one:

Domain: www.suedtirolfueralle.it
Type: unauthorized
Detail: Incorrect validation certificate for TLS-SNI-01 challenge.
Requested
3e8ede0335c0ded0d30e318f920f5e12.2ffb80a99a0653cafcc6095aa0c11b11.acme.invalid
from 217.199.23.137:443. Received certificate containing ‘’

What can I do to resolve this issue?

TIA

Wolfgang

ahaw021 · September 25, 2016, 1:05pm

Hi Wolfgang

Any particular reason why you have chosen the TLS SNI challenge?

Usually the DNS Challenge and the HTTP Challenge are much easier to implement.

Sneezry · September 25, 2016, 1:12pm

If you have permission to access webroot folder, try to run

certbot certonly --webroot -w /var/www/example/ -d www.hotel.bz.it1 -d hotel.bz.it -d www.suedtirolfueralle.it1 -d suedtirolfueralle.it -d www.altoadigepertutti.it -d altoadigepertutti.it -d www.southtyrolforall.com

Remember to change /var/www/example/ to your REAL webroot path.

wriedmann · September 26, 2016, 3:04am

Hello,

this challenge was choosen by the certbot program itself.

It seems I have to to it the “old” way, but if I have to do this manually every 2 months a commercial certificate could be cheaper.

Wolfgang

wriedmann · September 26, 2016, 3:07am

Hello,

ok, will try it with this method.

On another server the old letsencrypt client worked like a charm… So it seems the apache plugin has some problems.
It would be a good idea to fix this so other would not incur in the same error.

Wolfgang

wriedmann · September 26, 2016, 3:20am

Hi,

the webroot method worked, but of course I had to configure Apache manually as with a commercial certificate. The very cool thing of the apache method is that is does this automatically.

Wolfgang

wriedmann · September 26, 2016, 3:41am

Hello,

I think I have found the solution.

In the apache site configuration was specified:

Change this to

restart your apache and the apache plugin will work.

Hope this helps someone!

Wolfgang

wriedmann · September 26, 2016, 3:44am

Hello,

the editor seems to have eaten something. The correct entry should be

<VirtualHost *:80>

instead of

<VirtualHost *:*>

Wolfgang

system · October 26, 2016, 3:44am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Incorrect validation certificate for tls-sni-01 challenge again and again Help	14	3200	September 2, 2017
Certbot - TLS-SNI Apache Challenge Doesn't Pass - Alternatives Help	14	2929	June 29, 2017
Incorrect TLS-SNI-01 challenge Help	3	1409	January 29, 2017
Certbot run - Incorrect validation certificate for tls-sni-01 challenge Server	8	23094	July 12, 2017
Incorrect validation certificate for tls-sni-01 challenge. certbox --apache -d Help	6	1620	September 19, 2017

Error: Incorrect validation certificate for TLS-SNI-01 challenge

Related topics