Nginx - One Server - One IP - 2 Completely Different DN

My domain is: gfelot.xyz (got the cert for this one) | pamelafitnesscoach.com (fail on this one)

I ran this command: sudo certbot --nginx -d pamelafitnesscoach.com -d www.pamelafitnesscoach.com

It produced this output:

Failed authorization procedure. www.pamelafitnesscoach.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested cd38a9a57038d46cb8c3d7bf5c95e7cd.80320d92a3b2c5461a723b67618a33bc.acme.invalid from [2001:41d0:e:111c::1]:443. Received 2 certificate(s), first certificate had names “gfelot.xyz, www.gfelot.xyz”, pamelafitnesscoach.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested c9c535572925f431bdfa1b0897eeded2.3816b4f2e2d2059d866ee0f4acf4047f.acme.invalid from [2001:41d0:e:111c::1]:443. Received 2 certificate(s), first certificate had names “gfelot.xyz, www.gfelot.xyz”

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: www.pamelafitnesscoach.com
    Type: unauthorized
    Detail: Incorrect validation certificate for tls-sni-01 challenge.
    Requested
    cd38a9a57038d46cb8c3d7bf5c95e7cd.80320d92a3b2c5461a723b67618a33bc.acme.invalid
    from [2001:41d0:e:111c::1]:443. Received 2 certificate(s), first
    certificate had names “gfelot.xyz, www.gfelot.xyz”

    Domain: pamelafitnesscoach.com
    Type: unauthorized
    Detail: Incorrect validation certificate for tls-sni-01 challenge.
    Requested
    c9c535572925f431bdfa1b0897eeded2.3816b4f2e2d2059d866ee0f4acf4047f.acme.invalid
    from [2001:41d0:e:111c::1]:443. Received 2 certificate(s), first
    certificate had names “gfelot.xyz, www.gfelot.xyz”

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address.

My web server is (include version):
Nginx 1.10.3

The operating system my web server runs on is (include version):
Ubuntu 16.06.3

My hosting provider, if applicable, is:
OVH

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No

Hi @gfelot,

You might have found a bug in how certbot --nginx deals with IPv6 setups, or with some other specific kind of nginx configuration. In principle, what you did is right and Certbot should have been able to reconfigure nginx to get the new certificate, but it apparently didn’t succeed.

Do you think you could post the log from /var/log/letsencrypt?

It would also be good to know what version of Certbot you’re using because there have been some bugs of this kind which are fixed in later releases, which are not necessarily pushed out in OS packages yet.
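To triage a failure like the one in the first post, the following added example (not part of either post and not Certbot's own code) parses the error report and shows which address family the validation server connected over and which names the returned certificate carried. The function name, field names and regular expression are hypothetical; the sample text is copied from the output above.

```python
import ipaddress
import re

# Failure detail copied from the Certbot output in the post above.
SAMPLE = """
Domain: www.pamelafitnesscoach.com
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
cd38a9a57038d46cb8c3d7bf5c95e7cd.80320d92a3b2c5461a723b67618a33bc.acme.invalid
from [2001:41d0:e:111c::1]:443. Received 2 certificate(s), first
certificate had names “gfelot.xyz, www.gfelot.xyz”

Domain: pamelafitnesscoach.com
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
c9c535572925f431bdfa1b0897eeded2.3816b4f2e2d2059d866ee0f4acf4047f.acme.invalid
from [2001:41d0:e:111c::1]:443. Received 2 certificate(s), first
certificate had names “gfelot.xyz, www.gfelot.xyz”
"""

# One "Domain: ... had names ..." block; whitespace may include line wraps.
PATTERN = re.compile(
    r"Domain:\s*(?P<domain>\S+)\s+Type:\s*(?P<type>\S+)\s+"
    r"Detail:.*?for (?P<challenge>[\w-]+) challenge\.\s*"
    r"Requested\s+(?P<sni>\S+)\s+from\s+"
    r"(?:\[(?P<v6>[^\]]+)\]|(?P<v4>[\d.]+)):(?P<port>\d+)"
    r".*?had\s+names\s+[“\"](?P<names>[^”\"]+)[”\"]",
    re.S,
)

def parse_failures(text):
    """Return one dict per failed domain found in Certbot's error report."""
    results = []
    for m in PATTERN.finditer(text):
        addr = ipaddress.ip_address(m["v6"] or m["v4"])
        served = [n.strip() for n in m["names"].split(",")]
        results.append({
            "domain": m["domain"],
            "challenge": m["challenge"],
            "sni": m["sni"],
            "ip_version": addr.version,  # 6: validator connected over IPv6
            "served_names": served,
            # False: the host answered with a certificate for other names
            "challenge_cert_served": m["sni"] in served,
        })
    return results
```

For the output in this thread, both entries report `ip_version` 6 and `served_names` of the gfelot.xyz site, which is the detail to compare against the `listen` directives of each nginx server block.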
