How to install a cert on a domain


#1

Please fill out the fields below so we can help you better.

My domain is:econtractsupport.com

I ran this command:./certbot-auto --apache -d www.econtractsupport.com -d econtractsupport.com

It produced this output:Failed authorization procedure. econtractsupport.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for TLS-SNI-01 challenge. Requested acd9738b60a82fb9ffb6f688c29a0289.976fc94130d4d9c07999acf50f35e833.acme.invalid from 199.119.86.202:443. Received 4 certificate(s), first certificate had names “learningsystemscrm.com, www.learningsystemscrm.com”, www.econtractsupport.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for TLS-SNI-01 challenge. Requested d4ba3743a24bba5f8e436d962ee1486d.9993e3802e9b099ed3740f19061a86ca.acme.invalid from 199.119.86.202:443. Received 4 certificate(s), first certificate had names “learningsystemscrm.com, www.learningsystemscrm.com

IMPORTANT NOTES:

  • If you lose your account credentials, you can recover through
    e-mails sent to support@voonami.com.

  • The following errors were reported by the server:

    Domain: econtractsupport.com
    Type: unauthorized
    Detail: Incorrect validation certificate for TLS-SNI-01 challenge.
    Requested
    acd9738b60a82fb9ffb6f688c29a0289.976fc94130d4d9c07999acf50f35e833.acme.invalid
    from 199.119.86.202:443. Received 4 certificate(s), first
    certificate had names “learningsystemscrm.com,
    www.learningsystemscrm.com

    Domain: www.econtractsupport.com
    Type: unauthorized
    Detail: Incorrect validation certificate for TLS-SNI-01 challenge.
    Requested
    d4ba3743a24bba5f8e436d962ee1486d.9993e3802e9b099ed3740f19061a86ca.acme.invalid
    from 199.119.86.202:443. Received 4 certificate(s), first
    certificate had names “learningsystemscrm.com,
    www.learningsystemscrm.com

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address.

  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.
    My operating system is (include version):ubuntu 14.04

I can login to a root shell on my machine (yes or no, or I don’t know):yes

When I just run ./certbot-auto it doesnt list the domain that I need it installed on. Do I need to add the domain to a file somewhere to get this to work?


#2

are you intending to use the TLS challenge?

also any reason why you are not using certbot?


#3

Hi @compprog254, recently when people have gotten errors like this they have often had Apache configurations that contain more than one VirtualHost per file (that is, that don’t use the sites-available one-site-per-file layout), which is incompatible with --apache for the time being. Is that possibly your situation?

--apache tries to configure Apache for you but it has some limitations, like the multiple VirtualHosts issue; there are alternatives that might work better in your situation.


#4

@ahaw021, do you mean as opposed to certbot-auto? This depends on the user’s operating system; see https://certbot.eff.org/ (some operating systems have an OS package, while others are recommended to use certbot-auto).


#5

makes sense :smiley: - will review it a bit more


#6

Sorry guys for not responding. I am using the certbot auto script but it didnt see the domain. So I went ahead and specified the root directory for the script and it generated the files needed. However I am having issues with my ssl configuration. In order for this to work do I need to have the domain statically defined in the http and the https virtual hosts files?


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.