I migrated 2 of my domains from one machine using Ubuntu 14.04 to another using Cent OS 7.5. I had floating same ip for both my domains, so I just changed my floating ip. I copied /etc/letsencrypt folder from old machine to new machine using tar to preserve symlinks.
After migration I ran certbot renew --force-renewal to verify if certificates are issued properly. One of the domains which was using webroot authenticator got cert renewed. But another domain using nginx authenticator failed with error. The details are
My domain is: portal.furtherreach.net
I ran this command: certbot renew --force-renewal
It produced this output:
Processing /etc/letsencrypt/renewal/portal.furtherreach.net.conf
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for portal.furtherreach.net
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (portal.furtherreach.net) from /etc/letsencrypt/renewal/portal.furtherreach.net.conf produced an unexpected error: Failed authorization procedure. portal.furtherreach.net (tls-sni-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 5efcf900c6626b0fd02f1493cf3ee311.839d95e98e138ff2def14e574b15ccb8.acme.invalid from 45.55.115.216:443. Received 2 certificate(s), first certificate had names “celerate-controller.furtherreach.net”. Skipping.
IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain: portal.furtherreach.net
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
5efcf900c6626b0fd02f1493cf3ee311.839d95e98e138ff2def14e574b15ccb8.acme.invalid
from 45.55.115.216:443. Received 2 certificate(s), first
certificate had names “celerate-controller.furtherreach.net”To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version): nginx/1.12.2
The operating system my web server runs on is (include version): Cent OS 7.5
My hosting provider, if applicable, is: DigitalOcean
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no