My domain is:
mail.renaud-goud.fr
I ran this command:
./certbot-auto certonly --standalone -d mail.renaud-goud.fr
It produced this output:
Failed authorization procedure. mail.renaud-goud.fr (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for TLS-SNI-01 challenge. Requested xxxxxxxxx.acme.invalid from IP:443. Received certificate containing ‘carddav.renaud-goud.fr, cloud.renaud-goud.fr, […]’
My operating system is (include version):
Debian jessie - Raspberry PI
My web server is (include version):
/
My hosting provider, if applicable, is:
Home
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No
Details :
I already have a ‘full’ web nginx http server successfully configured with Letsencrypt working, on carddav.renaud-goud.fr and cloud.renaud-goud.fr. It’s behind a NAT router, port 80 opened.
I have another server, for mail, on which I wanna have also a letsencrypt for mail server. No webserver is running on it.
I set-up a reverse proxy on my ‘main’ server (the http one), to redirect the subdomain mail.renaud-goud.fr:80 to the mail server IP, port 80.
But when I run the certbot tool to generate a certificate on the mail server (with standalone, as creating a temp http/80 server is OK on it), the certbot tool seems to be connected to the nginx/http server.
So, how can I ‘bypass’ the nginx proxy detection? (I can’t open another port on my router, only 80, 443 and mail ports)
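An added example, not part of the original post and not certbot code: a short Python reading of the failure line above. It shows which port the CA validated on and which host's certificate answered. The helper names `parse_failure` and `diagnose` are hypothetical, and the forwarded-port set `{80}` is an assumption taken from the proxy setup the post describes.

```python
import re

# Port the CA connects to for each ACME challenge type.
CHALLENGE_PORT = {"http-01": 80, "tls-sni-01": 443}

# Constructed sample: the failure line quoted in the post, redactions and elision as posted.
SAMPLE = (
    "Failed authorization procedure. mail.renaud-goud.fr (tls-sni-01): "
    "urn:acme:error:unauthorized :: The client lacks sufficient authorization :: "
    "Incorrect validation certificate for TLS-SNI-01 challenge. "
    "Requested xxxxxxxxx.acme.invalid from IP:443. "
    "Received certificate containing ‘carddav.renaud-goud.fr, cloud.renaud-goud.fr, […]’"
)

LINE_RE = re.compile(
    r"Failed authorization procedure\. (?P<domain>\S+) \((?P<challenge>[\w-]+)\): "
    r"(?P<urn>urn:acme:error:\w+) :: .*?"
    r"Requested (?P<requested>\S+) from (?P<addr>\S+):(?P<port>\d+)\. "
    r"Received certificate containing [‘'](?P<names>.*)[’']"
)
ELISIONS = ("[…]", "[...]", "...")


def parse_failure(line):
    """Split a certbot authorization failure line into its fields (hypothetical helper)."""
    m = LINE_RE.search(line)
    if m is None:
        raise ValueError("not a recognised authorization failure line")
    fields = m.groupdict()
    fields["port"] = int(fields["port"])
    names = [n.strip() for n in fields["names"].split(",")]
    # An elision marker means the poster cut names out; record that, do not guess them.
    fields["names_elided"] = any(n in ELISIONS for n in names)
    fields["names"] = [n for n in names if n and n not in ELISIONS]
    return fields


def diagnose(fields, forwarded_ports):
    """Compare the port the CA validated on with the ports that reach the target host."""
    port = CHALLENGE_PORT[fields["challenge"]]
    usable = sorted(c for c, p in CHALLENGE_PORT.items() if p in forwarded_ports)
    return {
        "validation_port": port,
        "reaches_target": port in forwarded_ports,
        "answered_by": fields["names"],
        "wrong_responder": fields["requested"] not in fields["names"],
        "usable_challenges": usable,
    }


if __name__ == "__main__":
    # Assumption from the post: only port 80 of mail.renaud-goud.fr is proxied to the mail server.
    print(diagnose(parse_failure(SAMPLE), forwarded_ports={80}))
```

For the line in the post, the result shows validation on port 443 answered by the certificate of the nginx host, while the only challenge type whose port reaches the mail server is `http-01`.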