Failed authorization procedure usign the client


#1

The following command throws this error:

./letsencrypt-auto certonly --standalone -d zzzzz.dyndns.org
Checking for new version…
Requesting root privileges to run letsencrypt…
sudo /home/pi/.local/share/letsencrypt/bin/letsencrypt --no-self-upgrade certonly --standalone -d zzzzz.dyndns.org
Failed authorization procedure. zzzzz.dyndns.org (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Correct zName not found for TLS SNI challenge. Found ‘zzzzz.dyndns.org

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: griep.dyndns.org
    Type: unauthorized
    Detail: Correct zName not found for TLS SNI challenge. Found
    zzzzz.dyndns.org

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address.


#2

when I have seen this issue, I have checked my A records to find that some servers were down. I removed their IPs from the domain and the zName error was fixed


#3

Hello @running,

I suppose this issue could be related to a change in your dynamic public ip and an error or slowness propagation to dyndns dns servers. I suppose that because you didn’t do a good job masquerading your real domain and I can see that you issued a valid cert for your domain yesterday 17th February ;).

Cheers,
sahsanu


#4

Hi Sahsanu,

Sort of yes no, yes I was able to get a new certificate through the manual procedure

run only once per server:

$(command -v python2 || command -v python2.7 || command -v python2.6) -c
“import BaseHTTPServer, SimpleHTTPServer;
s = BaseHTTPServer.HTTPServer((’’, 80), SimpleHTTPServer.SimpleHTTPRequestHandler);
s.serve_forever()”

letsencrypt-auto certonly --manual

I wonder if my setup is causing the trouble, I have two raspberrypi’s both running a web server one Apache the other Nginx. The apache one uses port 1954 for https and nginx the standard port. I try to generate the certificates on the machine running Apache. It first tells me to stop the webserver and then throws the error as in the original mail