I have used the letsencrypt client to successfully acquire a certificate for one of my domains.
I did this using:
letsencrypt-auto certonly --standalone -d domain1.com -d www.domain1.com
I also have another site hosted on the same server and same public IP. Both have A records defined, to the same public IP.
When I run the same command for domain2:
letsencrypt-auto certonly --standalone -d domain2.com -d www.domain2.com
I get the very popular and confusing error:
The client lacks sufficient authorization :: Correct zName not found for TLS SNI challenge. Found 'domain1.com www.domain1.com'
If it could be explained how the Let's Encrypt servers figure out the ‘Correct zName’, that would be cool.
The only thing I can think of is that they store the first domain names used to request certificates, and only allow further requests to use those domain names.