I’ve got the same error message and couldn’t solve it yesterday. But finally I’ve renewed my certificate :)
Error message:
$ docker run -it --rm -p 1086:80 -p 1087:443 --name letsencrypt -v "/etc/letsencrypt:/etc/letsencrypt" -v "/var/lib/letsencrypt:/var/lib/letsencrypt" quay.io/letsencrypt/letsencrypt:latest renew
Processing /etc/letsencrypt/renewal/drem.jp.conf
2016-03-15 02:57:20,087:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/drem.jp.conf produced an unexpected error: Failed authorization procedure. drem.jp (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization
:: Correct zName not found for TLS SNI challenge. Found 'drem.jp'. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/drem.jp/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: drem.jp
Type: unauthorized
Detail: Correct zName not found for TLS SNI challenge. Found
'drem.jp'
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
I think that this message was misleading in my case.
Solution: Using webroot
nginx.conf:
server {
    listen 80;
    server_name drem.jp;

    # letsencrypt
    location /.well-known/acme-challenge {
        root /tmp/letsencrypt;
    }

    location / {
        return 301 https://$server_name$request_uri;
    }
}
I didn’t change DNS and other network settings. Then I executed the following command on the same host.
$ docker run -it --rm --name letsencrypt -v "/etc/letsencrypt:/etc/letsencrypt" -v "/var/lib/letsencrypt:/var/lib/letsencrypt" -v "/tmp/letsencrypt:/tmp/letsencrypt" quay.io/letsencrypt/letsencrypt:latest certonly -a webroot --webroot-path=/tmp/letsencrypt -d drem.jp
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/drem.jp/fullchain.pem. Your cert will expire
on 2016-06-14. To obtain a new version of the certificate in the
future, simply run Let's Encrypt again.
- If you like Let's Encrypt, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
I didn’t know the cause, but I’ve solved it by using webroot. I hope my case will help others.