I use my local computer for obtain and renew sertificate.
My configuration is simple.
I have 2 sertificate for each domains.
https://s1.tagan.ru/
https://s1-utils.tagan.ru/
Server works fine as I see. (nginx use ssl encryption)
How can I renew certificate on 1s.tagan.ru?
nixm ~ # certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Found the following certs:
Certificate Name: s1-utils.tagan.ru
Domains: s1-utils.tagan.ru
Expiry Date: 2017-10-19 05:30:00+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/s1-utils.tagan.ru/fullchain.pem
Private Key Path: /etc/letsencrypt/live/s1-utils.tagan.ru/privkey.pem
Certificate Name: s1.tagan.ru
Domains: s1.tagan.ru
Expiry Date: 2017-08-09 09:07:00+00:00 (VALID: 18 days)
Certificate Path: /etc/letsencrypt/live/s1.tagan.ru/fullchain.pem
Private Key Path: /etc/letsencrypt/live/s1.tagan.ru/privkey.pem
nixm ~ # certbot certonly -d s1.tagan.ru
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
1: Place files in webroot directory (webroot)
2: Spin up a temporary webserver (standalone)
Select the appropriate number [1-2] then [enter] (press ācā to cancel): 2
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Cert is due for renewal, auto-renewingā¦
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for s1.tagan.ru
Waiting for verificationā¦
Cleaning up challenges
Failed authorization procedure. s1.tagan.ru (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 569d4bcba4735861901c923665c5cdf2.53a4adc13d83994dee8b911a6efac945.acme.invalid from [2a00:8740::43]:443. Received 1 certificate(s), first certificate had names ās1.tagan.ruā
IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain: s1.tagan.ru
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
569d4bcba4735861901c923665c5cdf2.53a4adc13d83994dee8b911a6efac945.acme.invalid
from [2a00:8740::43]:443. Received 1 certificate(s), first
certificate had names ās1.tagan.ruāTo fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
nixm ~ #