Failed Authorization - Received 2 certificate(s)

My domain is: hue.merkoba.com

I ran this command: certbot

It produced this output:

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):10
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for hue.merkoba.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. hue.merkoba.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 26c3d491b6c4c17bbb7897a2039e941f.52bcc9cbbe827b802f2f539c49dd2a3a.acme.invalid from 138.68.25.106:443. Received 2 certificate(s), first certificate had names "hue.merkoba.com"

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: hue.merkoba.com
    Type: unauthorized
    Detail: Incorrect validation certificate for tls-sni-01 challenge.
    Requested
    26c3d491b6c4c17bbb7897a2039e941f.52bcc9cbbe827b802f2f539c49dd2a3a.acme.invalid
    from 138.68.25.106:443. Received 2 certificate(s), first
    certificate had names "hue.merkoba.com"

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address.

My web server is (include version): Apache 2.4.25

The operating system my web server runs on is (include version): Debian 9

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

Other notes:

I have a hue.conf:

Redirect permanent / https://hue.merkoba.com

And another declaration in ssl.conf:

NameVirtualHost *:443

<VirtualHost *:443>
ServerName hue.merkoba.com

ProxyPreserveHost On

RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}

Alias "/static/" "/home/node/hue/public/static/"

<Directory /home/node/hue/public>

Options FollowSymLinks
AllowOverride None
Require all granted

ExpiresActive On
ExpiresByType image/jpeg "access plus 11 months"
ExpiresByType image/jpg "access plus 11 months"
ExpiresByType image/png "access plus 11 months"
ExpiresByType image/gif "access plus 11 months"

RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://localhost:3210/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule ^/(?!static/)(.*)$ http://localhost:3210/$1 [P,L]

SSLCertificateFile /etc/letsencrypt/live/hue.merkoba.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/hue.merkoba.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf

Ok I fixed it. The problem was some other domain related active virtual host conf file. I just had to disable it and run certbot again.


Hi @madprops

The tls-sni-01 challenge is deprecated.

February next year the support ends. See

So check if you can switch to another validation method.
