I think this issue might be related to this… I had a holding page running on apache on same server for this domain, I have since attached a second elastic IP to this server, I then listen on this for all NGINX / Node apps and keep the original IP for apache. That has been working fine and I have managed to issue cirtificates via certbot for both. I went to move a domain www.mytownrocks.co.uk from the apache IP to the NGINX one. I repointed it and figured I should delete the cirtificate and re issue it via Nginx (not sure if this was a mistake?). I delete using sudo certbot delete
command, seemed fine but I now can’t re issue the certificate using sudo certbot --nginx -d www.mytownrocks.co.uk
. I have since tried to upgrade to http but this has not helped.
Upgraded by:
`
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository universe
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot python-certbot-nginx `
Any help is really really appreciated, I’m a front-end dev and this is really stretching my knowledge!
My domain is:
I ran this command:
sudo certbot --nginx -d www.mytownrocks.co.uk
#also tried this
sudo certbot --nginx
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Which names would you like to activate HTTPS for?
1: mytownrocks.cat5.design
2: category5.design
3: mytownrocks.co.uk
4: www.mytownrocks.co.uk
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): 4
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for www.mytownrocks.co.uk
TLS-SNI-01 is deprecated, and will stop working soon.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.mytownrocks.co.uk (tls-sni-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested c151a301354102aa9bcf9c3b0fc4cd03.92aeac2559c4e49da80bffd1640e2f3d.acme.invalid from 35.178.91.44:443. Received 2 certificate(s), first certificate had names “category5.design, mytownrocks.cat5.design”
IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain: www.mytownrocks.co.uk
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
c151a301354102aa9bcf9c3b0fc4cd03.92aeac2559c4e49da80bffd1640e2f3d.acme.invalid
from 35.178.91.44:443. Received 2 certificate(s), first certificate
had names “category5.design, mytownrocks.cat5.design”To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version):
T3 Amazon Ec2 instance running Ubuntu16.04.5 LTS (GNU/Linux 4.4.0-1075-aws x86_64)
The operating system my web server runs on is (include version):
Ubuntu16.04.5 LTS
My hosting provider, if applicable, is:
AWS
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you’re using Certbot):
0.28.0