I think this issue might be related to this… I had a holding page running on Apache on the same server for this domain. I have since attached a second elastic IP to this server; I then listen on this for all NGINX / Node apps and keep the original IP for Apache. That has been working fine and I have managed to issue certificates via certbot for both. I went to move a domain www.mytownrocks.co.uk from the Apache IP to the NGINX one. I repointed it and figured I should delete the certificate and reissue it via Nginx (not sure if this was a mistake?). I deleted it using the `sudo certbot delete` command, which seemed fine, but I now can’t reissue the certificate using `sudo certbot --nginx -d www.mytownrocks.co.uk`. I have since tried to upgrade to http but this has not helped.
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository universe
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot python-certbot-nginx
Any help is really really appreciated, I’m a front-end dev and this is really stretching my knowledge!
My domain is:
I ran this command:
sudo certbot --nginx -d www.mytownrocks.co.uk
#also tried this
sudo certbot --nginx
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Which names would you like to activate HTTPS for?
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): 4
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for www.mytownrocks.co.uk
TLS-SNI-01 is deprecated, and will stop working soon.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.mytownrocks.co.uk (tls-sni-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested c151a301354102aa9bcf9c3b0fc4cd03.92aeac2559c4e49da80bffd1640e2f3d.acme.invalid from 22.214.171.124:443. Received 2 certificate(s), first certificate had names “category5.design, mytownrocks.cat5.design”
The following errors were reported by the server:
Detail: Incorrect validation certificate for tls-sni-01 challenge.
from 126.96.36.199:443. Received 2 certificate(s), first certificate
had names “category5.design, mytownrocks.cat5.design”
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version):
T3 Amazon Ec2 instance running Ubuntu16.04.5 LTS (GNU/Linux 4.4.0-1075-aws x86_64)
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of `certbot --version` or `certbot-auto --version` if you’re using Certbot):
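An added example (not part of the original post and not Certbot code): a small Python triage helper that parses the `Failed authorization procedure` line quoted above and reports what the validation server actually saw on the wire. The function names and finding labels are hypothetical.

```python
import re

# The failure line from the post above, copied as certbot printed it.
SAMPLE = (
    "Failed authorization procedure. www.mytownrocks.co.uk (tls-sni-01): "
    "urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient "
    "authorization :: Incorrect validation certificate for tls-sni-01 challenge. "
    "Requested c151a301354102aa9bcf9c3b0fc4cd03.92aeac2559c4e49da80bffd1640e2f3d"
    ".acme.invalid from 22.214.171.124:443. Received 2 certificate(s), first "
    "certificate had names “category5.design, mytownrocks.cat5.design”"
)

# Fields of the tls-sni-01 failure message, in the order they appear.
FAILURE = re.compile(
    r'Failed authorization procedure\. (?P<domain>\S+) \((?P<challenge>[\w-]+)\): '
    r'(?P<error>urn:\S+) :: .*?Requested (?P<sni>\S+) from (?P<ip>[\d.]+):(?P<port>\d+)\. '
    r'Received \d+ certificate\(s\), first certificate had names '
    r'["“](?P<names>[^"”]*)["”]'
)

def covers(cert_name, host):
    """True if a certificate name (exact or single-label wildcard) matches host."""
    cert_name, host = cert_name.lower(), host.lower()
    if cert_name.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cert_name[2:]
    return cert_name == host

def diagnose(line):
    """Parse one failure line; return its fields plus findings, or None."""
    m = FAILURE.search(line)
    if m is None:
        return None
    f = m.groupdict()
    f["names"] = [n.strip() for n in f["names"].split(",") if n.strip()]
    findings = []
    if f["challenge"] == "tls-sni-01":
        # The same certbot run warns that this challenge type is deprecated.
        findings.append("deprecated-challenge")
    if not any(covers(n, f["sni"]) for n in f["names"]):
        # The listener on ip:port answered the challenge SNI with another cert.
        findings.append("challenge-cert-not-served")
    if not any(covers(n, f["domain"]) for n in f["names"]):
        # That certificate belongs to a different site than the one requested.
        findings.append("served-cert-is-for-other-site")
    f["findings"] = findings
    return f

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

All three findings on the sample point at the same thing: whatever answered on that IP and port 443 presented another site's certificate, so the listener that took the connection is the place to look.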