What it says on the tin. Run the below command, get the error message that follows. DNS is configured correctly. This server is Centos 6.9 with Apache 2.2.15.
I have another server that worked without a hitch using an almost identical config (unipuma instead of annapuma). That server is Ubuntu Server 14.04.5 with Apache 2.4.7. Obviously, there are minor config differences due to Apache 2.4 vs 2.2.
Both are VPS on seperate machines in different parts of the US.
Command and output:
wolferz@annapuma ~ $ sudo ./certbot-auto --apache
[sudo] password for wolferz:
/root/.local/share/letsencrypt/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
DeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: annapuma.onsite-crt.com
2: phpmyadmin.annapuma.onsite-crt.com
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1,2
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for annapuma.onsite-crt.com
tls-sni-01 challenge for phpmyadmin.annapuma.onsite-crt.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. phpmyadmin.annapuma.onsite-crt.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 44d2fd6d35baeca36fe13668f3ca3e6a.1ff6dd529b09785e995ba52118823ed6.acme.invalid from 144.217.115.63:443. Received 1 certificate(s), first certificate had names "annapuma.onsite-crt.com", annapuma.onsite-crt.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested e763d5287c2e34729ae226d7c9f8f43f.bbd79e9bf5acd358bfc579512fb4329f.acme.invalid from 144.217.115.63:443. Received 1 certificate(s), first certificate had names "annapuma.onsite-crt.com"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: phpmyadmin.annapuma.onsite-crt.com
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
44d2fd6d35baeca36fe13668f3ca3e6a.1ff6dd529b09785e995ba52118823ed6.acme.invalid
from 144.217.115.63:443. Received 1 certificate(s), first
certificate had names "annapuma.onsite-crt.com"
Domain: annapuma.onsite-crt.com
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
e763d5287c2e34729ae226d7c9f8f43f.bbd79e9bf5acd358bfc579512fb4329f.acme.invalid
from 144.217.115.63:443. Received 1 certificate(s), first
certificate had names "annapuma.onsite-crt.com"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
vhosts config:
NameVirtualHost annapuma.onsite-crt.com:80
<VirtualHost 144.217.115.63:80>
DocumentRoot /var/www/html
ServerName annapuma.onsite-crt.com
<Directory "/var/www/html">
allow from all
Options None
</Directory>
</VirtualHost>
NameVirtualHost annapuma.onsite-crt.com:443
<VirtualHost 144.217.115.63:443>
DocumentRoot /var/www/html
ServerName annapuma.onsite-crt.com
SSLEngine on
SSLCertificateFile /etc/httpd/ssl/apache.crt
SSLCertificateKeyFile /etc/httpd/ssl/apache.key
<Directory "/var/www/html">
allow from all
Options None
</Directory>
</VirtualHost>
NameVirtualHost phpmyadmin.annapuma.onsite-crt.com:80
<VirtualHost 144.217.115.63:80>
ServerName phpmyadmin.annapuma.onsite-crt.com
Include /etc/httpd/conf.d/phpMyAdmin.conf
DocumentRoot /usr/share/phpMyAdmin/
</VirtualHost>
NameVirtualHost phpmyadmin.annapuma.onsite-crt.com:443
<VirtualHost 144.217.115.63:443>
ServerName phpmyadmin.annapuma.onsite-crt.com
SSLEngine on
SSLCertificateFile /etc/httpd/ssl/apache.crt
SSLCertificateKeyFile /etc/httpd/ssl/apache.key
Include /etc/httpd/conf.d/phpMyAdmin.conf
DocumentRoot /usr/share/phpMyAdmin/
</VirtualHost>