My domain is: oregional.hu
I ran this command: letsencrypt-auto certonly -d subdomain.oregional.hu
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Failed to find executable apachectl in PATH: /usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin
How would you like to authenticate with the ACME CA?
1: Nginx Web Server plugin - Alpha (nginx)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
Select the appropriate number [1-3] then [enter] (press ‘c’ to cancel): 1
Plugins selected: Authenticator nginx, Installer None
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for subdomain.oregional.hu
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. subdomain.oregional.hu (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested id.acme.invalid from myip:443. Received 2 certificate(s), first certificate had names “anothersubdomain.oregional.hu”
The following errors were reported by the server:
Detail: Incorrect validation certificate for tls-sni-01 challenge.
from :443. Received 2 certificate(s), first
certificate had names “anothersubdomain.oregional.hu”
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version): nginx/1.12.2
The operating system my web server runs on is (include version): centos 7
My hosting provider, if applicable, is: none
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
I’ve been using Let’s Encrypt for a while. Everything went well until now. Now I am trying to renew the certificates, and I get the error described above. Why does letsencrypt receive 2 certificates?
subdomain.oregional.hu and anothersubdomain.oregional.hu are A records, both pointing to the same server. (This machine. Letsencrypt runs on the same machine as the webserver.)
If I stop the webserver and use the command with the --standalone parameter, the renewal works. So I think it must be some nginx misconfiguration, but what can it be? The nginx config is almost the defaults; only the domain configs are included.
If I remove the other hosts, I get the same error, just with anothersubdomain.oregional.hu = subdomain.oregional.hu