Error: Incorrect validation certificate for TLS-SNI-01 challenge


#1

Hello,

when running the following command on my server (Debian 8 Jessie with Apache):

certbot --apache -d www.hotel.bz.it -d hotel.bz.it -d www.suedtirolfueralle.it -d suedtirolfueralle.it -d www.altoadigepertutti.it -d altoadigepertutti.it -d www.southtyrolforall.com

I receive a bunch of error message, one for every domain name, like this one:

Domain: www.suedtirolfueralle.it
Type: unauthorized
Detail: Incorrect validation certificate for TLS-SNI-01 challenge.
Requested
3e8ede0335c0ded0d30e318f920f5e12.2ffb80a99a0653cafcc6095aa0c11b11.acme.invalid
from 217.199.23.137:443. Received certificate containing ‘’

What can I do to resolve this issue?

TIA

Wolfgang


#2

Hi Wolfgang

Any particular reason why you have chosen the TLS SNI challenge?

Usually the DNS Challenge and the HTTP Challenge are much easier to implement.


#3

If you have permission to access webroot folder, try to run

certbot certonly --webroot -w /var/www/example/ -d www.hotel.bz.it1 -d hotel.bz.it -d www.suedtirolfueralle.it1 -d suedtirolfueralle.it -d www.altoadigepertutti.it -d altoadigepertutti.it -d www.southtyrolforall.com

Remember to change /var/www/example/ to your REAL webroot path.


#4

Hello,

this challenge was choosen by the certbot program itself.

It seems I have to to it the “old” way, but if I have to do this manually every 2 months a commercial certificate could be cheaper.

Wolfgang


#5

Hello,

ok, will try it with this method.

On another server the old letsencrypt client worked like a charm… So it seems the apache plugin has some problems.
It would be a good idea to fix this so other would not incur in the same error.

Wolfgang


#6

Hi,

the webroot method worked, but of course I had to configure Apache manually as with a commercial certificate. The very cool thing of the apache method is that is does this automatically.

Wolfgang


#7

Hello,

I think I have found the solution.

In the apache site configuration was specified:

<VirtualHost :>

Change this to

<VirtualHost *:80>

restart your apache and the apache plugin will work.

Hope this helps someone!

Wolfgang


#8

Hello,

the editor seems to have eaten something. The correct entry should be

<VirtualHost *:80>

instead of

<VirtualHost *:*>

Wolfgang


#9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.