would look like this (slightly redacted for space):
enoch@vps:~# apache2ctl -t -D DUMP_VHOSTS
VirtualHost configuration:
*:80 is a NameVirtualHost
default server vps.foobarfoo.com (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost vps.foobarfoo.com (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost foobarbaz.com (/etc/apache2/sites-enabled/foobarbaz.com.conf:1)
alias www.foobarbaz.com
port 80 namevhost dev.foobarfoo.com (/etc/apache2/sites-enabled/dev.foobarfoo.conf:1)
alias www.dev.foobarfoo.com
port 80 namevhost foobarfoo.com (/etc/apache2/sites-enabled/foobarfoo.conf:1)
alias www.foobarfoo.com
alias foobarfoo.eu
alias www.foobarfoo.eu
It looks like letsencrypt uses the configurations from the /etc/apache2/site-available directory and not sites-enabled. I had this same problem until I moved all my configs over to the available directory and symlinked to the files from the available directory.
All the entries in sites-enabled are symlinks to the real files in sites-available. This has been standard Ubuntu practice for many years. But I did try copying over the actual files instead of only the symlinks, and this made no difference.
I’m calling it a day for now, I’ll look back into using letsencrypt in the new year. I think it’s a brilliant idea, but there are still a few kinks to work out.
The error message is misleading. The letsencrypt script does not like multiple vhosts so if you are redirecting www.foobarbaz.com to foobarbaz.com via an extra VirtualHost section, the script will not consider your vhost as a valid host. The solution is to fix the configuration file. I found that if I added a ServerAlias for the www address in the first VirtualHost section and deleted the extra VirtualHost section from my vhost configuration file, the script would work.
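The situation described in the post above, as an added example that is not part of the original thread and not Certbot's own code: a small Python check that reports whether a domain's vhost sits in a file containing more than one VirtualHost section. The sample configs, file names and function names are constructed for illustration.

```python
import re
# Constructed sample configs (not from the thread): BEFORE uses a second
# VirtualHost just to redirect www; AFTER merges it with ServerAlias.
BEFORE = """\
<VirtualHost *:80>
    ServerName foobarbaz.com
</VirtualHost>
<VirtualHost *:80>
    ServerName www.foobarbaz.com
    Redirect permanent / http://foobarbaz.com/
</VirtualHost>
"""
AFTER = """\
<VirtualHost *:80>
    ServerName foobarbaz.com
    ServerAlias www.foobarbaz.com
</VirtualHost>
"""

OPEN = re.compile(r"^\s*<VirtualHost\b", re.I)
CLOSE = re.compile(r"^\s*</VirtualHost\b", re.I)
NAME = re.compile(r"^\s*(?:ServerName|ServerAlias)\s+(.+)$", re.I)

def parse_vhosts(text):
    """Return a list with one set of server names per <VirtualHost> block."""
    vhosts, inside = [], False
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # Apache comment line
        if OPEN.match(line):
            vhosts.append(set())
            inside = True
        elif CLOSE.match(line):
            inside = False
        elif inside and (m := NAME.match(line)):
            vhosts[-1].update(m.group(1).lower().split())
    return vhosts

def diagnose(domain, files):
    """files maps path -> config text. Returns (status, path or None)."""
    for path, text in files.items():
        vhosts = parse_vhosts(text)
        if any(domain.lower() in names for names in vhosts):
            return ("multiple-vhosts" if len(vhosts) > 1 else "ok", path)
    return ("no-match", None)

if __name__ == "__main__":
    for d in ("foobarbaz.com", "www.foobarbaz.com"):
        print(d, diagnose(d, {"before.conf": BEFORE}), diagnose(d, {"after.conf": AFTER}))
```

To run it against a real server, build the `files` mapping from the configs under sites-enabled; a "multiple-vhosts" result points at the file to merge or split.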
Hey Bill, I'm having a similar issue here. I’m trying to locate the virtual host file but I can’t seem to find it. Could you point me in the right direction? I’m using a VPS and working on getting certbot up and running for the first time.
I’m getting the no vhost error as well as: Incorrect validation certificate
[root@admin ~]# certbot/certbot-auto --apache -d mydomainname.com -d www.mydomainname.com ellow.us
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for mydomainname.com
tls-sni-01 challenge for www.mydomainname.com
No vhost exists with servername or alias of: mydomainname.com (or it's in a file with multiple vhosts, which Certbot can't parse yet). No vhost was selected. Please specify ServerName or ServerAlias in the Apache config, or split vhosts into separate files.
Falling back to default vhost *:443...
No vhost exists with servername or alias of: www.mydomainname.com (or it's in a file with multiple vhosts, which Certbot can't parse yet). No vhost was selected. Please specify ServerName or ServerAlias in the Apache config, or split vhosts into separate files.
Falling back to default vhost *:443...
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.mydomainname.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested fa8ed74e742479521c0b75b6b57aa84c.bbc735ca1c201016e9e57524ae7c7e0e.acme.invalid from 50.116.105.100:443. Received 3 certificate(s), first certificate had names "admin.mydomainname.com, www.houselords.mydomainname.com", mydomainname.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 6078510bca9d22be132b4c131ccb00ca.02e0e697535ee33d2893b8194bf160f2.acme.invalid from 50.116.105.100:443. Received 3 certificate(s), first certificate had names "admin.mydomainname.com, www.admin.mydomainname.com"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: www.mydomainname.com
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
eh654h4w5h45h45ww6y45wy4w5y.w45w45y4h45hw4yw45yw5twtre.acme.invalid
from 50.116.105.100:443. Received 3 certificate(s), first
certificate had names "admin.mydomainname.com,
www.admin.mydomainname.com"
Domain: mydomainname.com
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
ege4g34y43yw5h5sh54h.56uej765ie6uej5e56.acme.invalid
from 50.116.105.100:443. Received 3 certificate(s), first
certificate had names "admin.mydomainname.com,
www.admin.mydomainname.com"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.