New server, same domain name - Incorrect validation certificate for tls-sni-01 challenge

Dacesilian · June 5, 2017, 8:26am

I've installed fresh certbot and wanted to issue certificate with command:

certbot certonly --email my@mail.com --agree-tos --standalone -d my.domain.cz

But it failed with response:

Domain: my.domain.cz
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
65687e08f5e09ffdff1ce3asdasdasdasdasd349.acme.invalid
from XXX.YYY.YYY.YYY:443. Received 2 certificate(s), first
certificate had names "bla.domain.cz, bla2.domain.cz"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.

I was using certbot on same server before but I've reinstalled it and didn't backup letsencrypt keys.

What should I do now? Thanks!

Dacesilian · June 5, 2017, 1:15pm

This was caused by the wrong port forwarding setting (to another server). All is working now.

Alternatively you can use port 80 to check domain:

certbot certonly --email my@mail.com --agree-tos --standalone --standalone-supported-challenges http-01 -d my.domain.com

system · July 5, 2017, 1:15pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Problem with certbot: Incorrect validation certificate for tls-sni-01 challenge Help	13	2040	August 13, 2018
Incorrect validation certificate for tls-sni-01 challenge again and again Help	14	3198	September 2, 2017
So strange case Server	4	1104	February 9, 2018
Certbot - Running Certbot on a Machine that is Not the Web Server Means Challenges Fail Help	5	2516	July 12, 2017
Error at cert renewal, need help Help	3	1179	October 25, 2018

New server, same domain name - Incorrect validation certificate for tls-sni-01 challenge

Related topics