when running the following command on my server (Debian 8 Jessie with Apache):
certbot --apache -d www.hotel.bz.it -d hotel.bz.it -d www.suedtirolfueralle.it -d suedtirolfueralle.it -d www.altoadigepertutti.it -d altoadigepertutti.it -d www.southtyrolforall.com
I receive a bunch of error message, one for every domain name, like this one:
Detail: Incorrect validation certificate for TLS-SNI-01 challenge.
from 220.127.116.11:443. Received certificate containing ‘’
What can I do to resolve this issue?
Any particular reason why you have chosen the TLS SNI challenge?
Usually the DNS Challenge and the HTTP Challenge are much easier to implement.
If you have permission to access webroot folder, try to run
certbot certonly --webroot -w /var/www/example/ -d www.hotel.bz.it1 -d hotel.bz.it -d www.suedtirolfueralle.it1 -d suedtirolfueralle.it -d www.altoadigepertutti.it -d altoadigepertutti.it -d www.southtyrolforall.com
Remember to change
/var/www/example/ to your REAL webroot path.
this challenge was choosen by the certbot program itself.
It seems I have to to it the “old” way, but if I have to do this manually every 2 months a commercial certificate could be cheaper.
ok, will try it with this method.
On another server the old letsencrypt client worked like a charm… So it seems the apache plugin has some problems.
It would be a good idea to fix this so other would not incur in the same error.
the webroot method worked, but of course I had to configure Apache manually as with a commercial certificate. The very cool thing of the apache method is that is does this automatically.
I think I have found the solution.
In the apache site configuration was specified:
Change this to
restart your apache and the apache plugin will work.
Hope this helps someone!
the editor seems to have eaten something. The correct entry should be
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.