How to install certificates on a new server while the old one is still active?


Please fill out the fields below so we can help you better.

My domain is:

I ran this command: certbot certonly --manual

It produced this output: Unable to reach hostname doesn’t match either of (a bunch of *

My operating system is (include version): Debian 8

My web server is (include version): nginx

My hosting provider, if applicable, is: NA

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No, just plain SSH and commands

I have 2 servers: My old one running certs for * and for *, and my new server in which all my sites from are being transferred to. My new server is tunneled through ssh from my old server, so my domains point to my old server and my Nginx there redirects everything through the tunnel to my new server.

I tried to create then the certificates in the new server for using the command “certbot certonly --manual”, and in the dialog that appears I wrote as the domain “”. It then asked me to create a file to prove that it is my domain, which I did and then I clicked enter. What happened next is that the message “Unable to reach hostname doesn’t match either of (a bunch of *” appeared, followed by the typical message of “CONGRATULATIONS, your keys were created” and it printed the route of the keys (which indeed were created).

In my Nginx I pointed to those keys, and when I try to access the webpage, firefox tells me that the site is using an invalid security certificate: uses an invalid security certificate. The certificate is only valid for the following names:,,,,,,,,, Error code: SSL_ERROR_BAD_CERT_DOMAIN

So my question is: why is this happening and how can I prevent this from happening?
Thanks a lot!


You sure it said /.web_trust/? Because as far as I know, that isn’t a directory ACME/Let’s Encrypt is using…


Wops sorry, I just mistyped it here. I have it where it’s supposed to be: .well_known/acme-challenge and at least as the CONGRATULATIONS message appears, I guess it actually finds it.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.