How to resolve the "Correct zName not found for TLS SNI challenge" error when I try to renew a certificate


I am trying to renew my certificate, which will expire tomorrow, but I get this error:

Failed authorization procedure. (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Correct zName not found for TLS SNI challenge. Found ‘

 - The following errors were reported by the server:

   Type:   urn:acme:error:unauthorized
   Detail: Correct zName not found for TLS SNI challenge. Found

How can I fix this error and renew my certificate?

3 months ago this certificate was generated without error.

Thanks in advance.


Does the domain actually exist and correctly route to the right server?


Yes, the domain exists.
What do you mean by “the right server”?
I switched the VPS in December; does that have an influence?


It just so happens that I am also hitting this error after moving domains to (3) new VPS.
These are mail servers and I’m thinking it has something to do with them contacting the webservers for auth.
…ound for TLS SNI challenge. Found ‘*,’ <— I will look into this and let you know what I find.


Yep, my error was cleared when I removed -d and left the (actual) -d

My email servers have nothing to do with their web host, therefore email contacts/certs/IP all would be wrong.


I solved this problem by returning to StartSSL.


Congrats, you just threw in the towel there :disappointed:


Thanks, but I do not know what else to do.
While my website remains without SSL support, I needed to migrate to another provider temporarily.
I am not sure whether the migration of the VPS had something to do with the error (IP changes, etc.); I did not get responses to this question.
I keep researching SSL and my problem with renewal.


Well, this specific question has been posted here quite a lot, so my guess is the search function would have given you quite a few threads, including an answer :slightly_smiling:


While a number of people have had similar issues, none that I could find have the same issue. In particular it found the zName but still failed. All the other posts I have seen say nothing was found.

I am having the exact same issue. I have not found any solution after trying what I could find on both this forum and googling.


Probably your HTTPS-server serves a certificate for another hostname than the one queried… But without the hostname we can’t verify that.


I’ve searched the forum as suggested, Osiris, but I have not been successful.
I tried to create a self-signed certificate as suggested in other posts but this does not work for me.


Are you happy to provide your domain name (by private message if need be)? Then we can potentially help more.


the domain name is

whitelisted domains are:


Thanks. And, just to confirm, you are still getting the same error (Correct zName not found) if you try on your domains with the current StartSSL certificates?


Yes, same error with the current StartSSL certificates, with the old Let’s Encrypt certificates and with the self-signed certificates.


I suspect in your case it’s the IPv6 that could be causing the issue … I seem to remember that with someone before (unless my memory is going) … looking …


I messaged @serverco the domain, but basically the error is:

Verify error:Correct zName not found for TLS SNI challenge. Found ‘

Where “” is my domain. The SSL certificate has the correct subject and issuer.


Sorry, I’m away today - will try and catch up once back online …


How do you try to solve the challenge? Which client options do you use? I guess your server is serving the default certificate instead of the challenge certificate which must contain something like abc.def.acme.invalid as hostname.
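
The check discussed in the last reply, as an added example that is not part of the original thread or of any ACME client: it derives the tls-sni-01 zName as the ACME draft defines it (hex SHA-256 of the key authorization, split into two labels under acme.invalid) and classifies the names a server returned for that SNI query. The key authorization, domain names and result labels are constructed for illustration.

```python
import hashlib

ACME_SNI_SUFFIX = "acme.invalid"


def tls_sni_01_zname(key_authorization: str) -> str:
    """Return the zName the validator sends as SNI and expects back as a SAN."""
    z = hashlib.sha256(key_authorization.encode("ascii")).hexdigest()
    return f"{z[:32]}.{z[32:]}.{ACME_SNI_SUFFIX}"


def diagnose(served_sans, key_authorization, requested_domains):
    """Classify the certificate names a server returned for the zName query.

    Returns (verdict, expected_zname). Verdict labels are hypothetical:
      ok                   - the challenge certificate was served
      stale-challenge-cert - a challenge certificate for another authorization
      default-cert         - the site's normal certificate (SNI name not matched)
      other-host-cert      - names unrelated to the request (wrong machine,
                             e.g. an A/AAAA record still pointing at an old VPS)
    """
    expected = tls_sni_01_zname(key_authorization)
    served = {name.lower().rstrip(".") for name in served_sans}
    wanted = {name.lower().rstrip(".") for name in requested_domains}

    if expected in served:
        return "ok", expected
    if any(name.endswith("." + ACME_SNI_SUFFIX) for name in served):
        return "stale-challenge-cert", expected
    if served & wanted:
        return "default-cert", expected
    return "other-host-cert", expected


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    key_auth = "constructed-token.constructed-thumbprint"
    domains = ["example.com", "www.example.com"]
    samples = {
        "challenge vhost active": [tls_sni_01_zname(key_auth)],
        "server fell back to site cert": ["example.com", "www.example.com"],
        "mail host answered instead": ["mail.example.net"],
    }
    for label, sans in samples.items():
        verdict, zname = diagnose(sans, key_auth, domains)
        print(f"{label}: {verdict} (expected {zname})")
```

The names passed as `served_sans` are the subjectAltName entries of whatever certificate the server on port 443 returns when the zName is sent as the SNI hostname.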