OS X Server multiple domains problem


#1

Everything going well until:

(Y)es/(N)o: Y
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for restructuring-management.net
No vhost exists with servername or alias of: restructuring-management.net (or it’s in a file with multiple vhosts, which Certbot can’t parse yet). No vhost was selected. Please specify ServerName or ServerAlias in the Apache config, or split vhosts into separate files.
Falling back to default vhost *:443…
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. restructuring-management.net (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for TLS-SNI-01 challenge. Requested 3e4286deb9b17af44c97b75c38399d2f.f0bc9f94a473eddf11f7480e15ddadac.acme.invalid from 81.6.62.241:443. Received 4 certificate(s), first certificate had names “restructuring-management.net, www.restructuring-management.net

I am running 3 domains: restructuring-management.net, beyond-refinance.com, beyond-management.de on my Apple Server (5.1, El Capitan), Apache.

Now, just at the end of the installation process, I get what I copied in here. Sorry, I’m not fit enough in UNIX to follow the suggestions made in Terminal (shot down my server once). Will there be any time in future, when certbot will parse multiple domains?

CU, Chris


#2

This feature is being worked on so it should be available eventually.

One alternative in the meantime would be to authenticate using certbot certonly --webroot, which does not attempt to parse or to make any changes to your web server configuration. In that case you will also have to edit your web server configuration files after obtaining the certificate in order to install it. This is a working option already in the case of Apache configuration files that contain multiple vhosts.


#3

Thanks.

Will you get along with this:

Last login: Tue Feb 14 00:24:39 on ttys000
restructuring-management:~ christophdeinhard$ sudo certbot certonly --webroot
Password:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c’
to cancel):restructuring-management.net
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for restructuring-management.net

Select the webroot for restructuring-management.net:


#4

Sorry, I didn’t understand whether you have a further question or if this is OK.

The webroot refers to the directory in your filesystem where the files for that web site are served from (which could be something like /var/www/html and depends on your operating system and configuration).

You can also specify it on the command line using -w and the domain names afterward with -d. For example, if your webroot is /var/www/html, you could run sudo certbot certonly --webroot -w /var/www/html -d restructuring-management.net. (You might want a second -d www.restructuring-management.net so that the resulting certificate will cover both names.)


#5

The fastest fix and in my opinion the best fix is to put each virtual host into its own file and use this naming scheme: [domain].[tld].conf, i.e. mydomain.com.conf. Doing this lets certbot find the domains easily AND it becomes easier, again in my opinion, to manage the virtual hosts. With Apache on OS X / macOS you should have this line in your /private/etc/apache2/httpd.conf:

# Virtual hosts
Include /private/etc/apache2/extra/httpd-vhosts.conf

You can either include each config file individually (cumbersome) or wild card include them like this:

# Virtual hosts
Include /private/etc/apache2/extra/*.com.conf

Cheers
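
As an added example (not part of the original thread and not Certbot's own code), the following checks an Apache config for the condition named in the error in post #1 and plans the one-file-per-host split suggested in post #5. The sample config, the function names and the simplified regex parsing are assumptions made for illustration.

```python
import re

# Constructed sample: several vhosts in one file; the third has no active ServerName.
SAMPLE_CONF = """\
<VirtualHost *:443>
    ServerName restructuring-management.net
    ServerAlias www.restructuring-management.net
</VirtualHost>
<VirtualHost *:443>
    ServerName beyond-refinance.com
</VirtualHost>
<VirtualHost *:443>
    #ServerName beyond-management.de
</VirtualHost>
"""

VHOST_RE = re.compile(r"^[ \t]*<VirtualHost\b[^>]*>.*?^[ \t]*</VirtualHost>[ \t]*$",
                      re.I | re.S | re.M)
# Anchored at line start, so commented-out directives are ignored.
NAME_RE = re.compile(r"^[ \t]*(ServerName|ServerAlias)[ \t]+(.+?)[ \t]*$", re.I | re.M)

def parse_vhosts(conf_text):
    """Return [(server_name or None, [aliases], block_text), ...]."""
    vhosts = []
    for match in VHOST_RE.finditer(conf_text):
        block, name, aliases = match.group(0), None, []
        for directive, value in NAME_RE.findall(block):
            if directive.lower() == "servername":
                name = value.split()[0].lower()
            else:  # ServerAlias may list several names on one line
                aliases += [a.lower() for a in value.split()]
        vhosts.append((name, aliases, block))
    return vhosts

def covers(conf_text, domain):
    """True if a vhost names the domain via ServerName or ServerAlias."""
    d = domain.lower()
    return any(d == name or d in aliases for name, aliases, _ in parse_vhosts(conf_text))

def plan_split(conf_text):
    """Return ({'<ServerName>.conf': text}, [blocks lacking a ServerName])."""
    files, unnamed = {}, []
    for name, _aliases, block in parse_vhosts(conf_text):
        if name is None:
            unnamed.append(block)  # needs a ServerName before it can be split out
        else:  # vhosts sharing a name (e.g. *:80 and *:443) go in the same file
            files[name + ".conf"] = files.get(name + ".conf", "") + block + "\n"
    return files, unnamed
```

With the [domain].[tld].conf naming scheme, an Include pattern of *.com.conf matches only the .com file in this plan, so hosts under other TLDs need their own Include line or a broader pattern.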

