I’m managing a 100+ site network. At first I was putting several domains on 1 certificate, but then later that’s a problem if one goes away. So I’ve been using a single cert per domain, but when I go to renew this one I’m getting this error. Any thoughts on fixing this?
sudo certbot --apache -d surgicalcenterofsandiego.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for surgicalcenterofsandiego.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. surgicalcenterofsandiego.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 827ef8746ad1b145cd9d000cc32bb38a.e90fc0bdd632fd98c1556340feed8c45.acme.invalid from 207.223.115.39:443. Received 2 certificate(s), first certificate had names "aksurgery.com, alaskaspinecenter.com, alliancelakemary.com, amsurgsurgerycenter.com, antelopevalleysurgerycenter.com, apogeesurgery.com, arcadiasurgerycenter.com, barrancasurgerycenter.com, bellevillesurgical.com"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: surgicalcenterofsandiego.com
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
827ef8746ad1b145cd9d000cc32bb38a.e90fc0bdd632fd98c1556340feed8c45.acme.invalid
from 207.223.115.39:443. Received 2 certificate(s), first
certificate had names "aksurgery.com, alaskaspinecenter.com,
alliancelakemary.com, amsurgsurgerycenter.com,
antelopevalleysurgerycenter.com, apogeesurgery.com,
arcadiasurgerycenter.com, barrancasurgerycenter.com,
bellevillesurgical.com"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
I would also like to move away from TLS-SNI-01. Can I specify that when using the apache plugin?
Thanks! That works for most of the domains I’m trying to renew, but I still have a couple giving errors.
sudo certbot --apache -d texashealthsurgerycenterbedford.com --preferred-challenges http
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for texashealthsurgerycenterbedford.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. texashealthsurgerycenterbedford.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://texashealthsurgerycenterbedford.com/.well-known/acme-challenge/V3DHa2RXeGxlGPIc2zAoyqnqX3kGHVQPRP2VagFX6sw: "<!DOCTYPE html>\n<html lang=\"en-US\" prefix=\"og: http://ogp.me/ns#\">\n<head>\n <meta charset=\"UTF-8\">\n <meta name=\"viewport\" c"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: texashealthsurgerycenterbedford.com
Type: unauthorized
Detail: Invalid response from
http://texashealthsurgerycenterbedford.com/.well-known/acme-challenge/V3DHa2RXeGxlGPIc2zAoyqnqX3kGHVQPRP2VagFX6sw:
"<!DOCTYPE html>\n<html lang=\"en-US\" prefix=\"og:
http://ogp.me/ns#\">\n<head>\n <meta charset=\"UTF-8\">\n
<meta name=\"viewport\" c"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
To fix the 2 domains that I couldn’t update, I did an a2dissite on the -le-ssl.conf and then removed that file, reloaded apache and started again with the original command. Seems to be working now.
I think I made a mistake when I started creating the certificates for several sites on a single domain within the network. I’m trying to undo that as I renew.
I’m noticing today that a few of the sites I updated certificates on are sometimes not working. For example, if I go to https://texashealthsurgerycenterparkhill.com/ I get a “Your connection is not private” error, but when I refresh, the page loads.
When I try and make a vHost and create a certificate for the www specifically I get an error.
sudo certbot --apache -d www.texashealthsurgerycenterbedford.com --preferred-challenges http
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.texashealthsurgerycenterbedford.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.texashealthsurgerycenterbedford.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.texashealthsurgerycenterbedford.com/.well-known/acme-challenge/JYaXJAcgBBavkAmuEJimhMcqU8TjP3LplXhpxV_1yME: "<!DOCTYPE html>\n<html lang=\"en-US\" prefix=\"og: http://ogp.me/ns#\">\n<head>\n <meta charset=\"UTF-8\">\n <meta name=\"viewport\" c"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: www.texashealthsurgerycenterbedford.com
Type: unauthorized
Detail: Invalid response from
http://www.texashealthsurgerycenterbedford.com/.well-known/acme-challenge/JYaXJAcgBBavkAmuEJimhMcqU8TjP3LplXhpxV_1yME:
"<!DOCTYPE html>\n<html lang=\"en-US\" prefix=\"og:
http://ogp.me/ns#\">\n<head>\n <meta charset=\"UTF-8\">\n<meta name=\"viewport\" c"
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
I’ve been taking that approach, using ServerAlias on the new site’s configs I’ve been adding to the network. I tried out both www and * for ServerAlias.
I think this all started when I was asked by my client / project manager to fix errors on links that have https://www. I’ve been trying to redirect to the domain associated with the ServerName.
I’m going to work on modifying these 2 sites and see if I can work it out.
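An added example, not part of the original posts: a small triage helper for a large vhost fleet that reads certbot's "Failed authorization procedure." line and reports what the validation server actually received, separating the two failure shapes seen in this thread (a site certificate answering the tls-sni-01 request, and an HTML page answering the http-01 URL). The function name, cause labels and sample lines are constructed for illustration.

```python
import re

# Shape of certbot's "Failed authorization procedure." line, as in the thread.
FAIL_RE = re.compile(
    r"Failed authorization procedure\. (?P<domain>\S+) \((?P<chal>[\w-]+)\): "
    r"\S+ :: .*? :: (?P<detail>.*)", re.S)
SNI_RE = re.compile(r'from (?P<ip>[\d.]+):443\..*?had names "(?P<names>[^"]*)"', re.S)
HTTP_RE = re.compile(r'Invalid response from (?P<url>\S+?): "(?P<body>.*)"', re.S)

def classify(line):
    """Return a dict describing what the validation server saw, or None."""
    m = FAIL_RE.search(line)
    if not m:
        return None
    out = {"domain": m["domain"], "challenge": m["chal"], "cause": "unknown"}
    if m["chal"] == "tls-sni-01" and (s := SNI_RE.search(m["detail"])):
        # An ordinary site certificate came back instead of the temporary
        # challenge certificate for the requested *.acme.invalid name.
        out["ip"] = s["ip"]
        out["served_names"] = [n.strip() for n in s["names"].split(",")]
        out["cause"] = "site-cert-served-instead-of-challenge-cert"
    elif m["chal"] == "http-01" and (h := HTTP_RE.search(m["detail"])):
        token = h["url"].rsplit("/", 1)[-1]
        body = h["body"].lstrip().lower()
        out["token"] = token
        # A valid http-01 body is "<token>.<account key thumbprint>".
        if h["body"].startswith(token + "."):
            out["cause"] = "token-served-key-authorization-mismatch"
        elif body.startswith(("<!doctype", "<html")):
            out["cause"] = "html-page-served-instead-of-token"
        else:
            out["cause"] = "unexpected-body"
    return out

# Constructed sample lines (example names, documentation IP, made-up token).
PREFIX = ("urn:acme:error:unauthorized :: "
          "The client lacks sufficient authorization :: ")
SNI_LINE = ("Failed authorization procedure. shop.example (tls-sni-01): " + PREFIX +
            "Incorrect validation certificate for tls-sni-01 challenge. Requested "
            "aaaa.bbbb.acme.invalid from 203.0.113.10:443. Received 2 certificate(s), "
            'first certificate had names "a.example, b.example"')
HTTP_LINE = ("Failed authorization procedure. shop.example (http-01): " + PREFIX +
             "Invalid response from "
             "http://shop.example/.well-known/acme-challenge/tok123: "
             '"<!DOCTYPE html>\\n<html lang=\\"en-US\\">"')

if __name__ == "__main__":
    for sample in (SNI_LINE, HTTP_LINE):
        print(classify(sample))
```

An "html-page-served-instead-of-token" result means the request for the challenge path was answered by site content rather than the token file, so the vhost and rewrite rules that handle that hostname are the place to look.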