PROBLEM : Correct zName not found for TLS SNI challenge


#1

Hello,
I know there are other topics about that problem, but I can’t find my answer in these topics, so I am making a new one. I leave you the result of the commands just here:

plugn:certbot-master plugn$ sudo ./letsencrypt-auto certonly --debug --standalone
Checking for new version…
Requesting root privileges to run letsencrypt…
/Users/PlugN/.local/share/letsencrypt/bin/letsencrypt certonly --debug --standalone

┌──────────────────────────────────────────────────────────────────────┐
│ Please enter in your domain name(s) (comma and/or space separated)   │
│ ┌──────────────────────────────────────────────────────────────────┐ │
│ │plugn.tk                                                          │ │
│ └──────────────────────────────────────────────────────────────────┘ │
├──────────────────────────────────────────────────────────────────────┤
│                     <  OK  >           <Cancel>                      │
└──────────────────────────────────────────────────────────────────────┘

Traceback (most recent call last):
  File "/Users/PlugN/.local/share/letsencrypt/bin/letsencrypt", line 11, in
    sys.exit(main())
  File "/Users/PlugN/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/main.py", line 692, in main
    return config.func(config, plugins)
  File "/Users/PlugN/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/main.py", line 509, in obtain_cert
    _, action = _auth_from_domains(le_client, config, domains, lineage)
  File "/Users/PlugN/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/main.py", line 93, in _auth_from_domains
    lineage = le_client.obtain_and_enroll_certificate(domains)
  File "/Users/PlugN/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/client.py", line 274, in obtain_and_enroll_certificate
    certr, chain, key, _ = self.obtain_certificate(domains)
  File "/Users/PlugN/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/client.py", line 246, in obtain_certificate
    self.config.allow_subset_of_names)
  File "/Users/PlugN/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 74, in get_authorizations
    self._respond(resp, best_effort)
  File "/Users/PlugN/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 131, in _respond
    self._poll_challenges(chall_update, best_effort)
  File "/Users/PlugN/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 195, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. plugn.tk (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Correct zName not found for TLS SNI challenge. Found ''

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: plugn.tk
    Type: unauthorized
    Detail: Correct zName not found for TLS SNI challenge. Found ''

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address.

plugn:certbot-master plugn$

If you have any solution to this, I would really appreciate your help !
Thank you in advance,
PlugN


#2

Did you shut down your existing apache website when using letsencrypt in standalone mode ?


#3

Yes, using sudo apachectl stop (I had a first warning before that telling me that the server was open, so I closed it).


#4

OK, and you don’t have anything that automatically restarts it for you if it’s down ? The most common reason for this error is that some other apache / nginx responds on that port, rather than the standalone client.

Since you have apache working on your site currently, can I ask why you are using the standalone method, rather than using your apache ?


#5

Simply because the SSL certificate is for another server (not on the same computer)


#6

I’m confused.

Are you trying to get a certificate for plugn.tk ? which is on that server

or are you trying to obtain a certificate for a different domain ?

or do you simply want to use the plugn.tk on a different server for some reason ?


#7

Okay, here is my particular case :
I have a Windows 10 machine that is my server (running XAMPP). But Let’s Encrypt Client isn’t made to run on Windows, so I decided to make it from my Mac (my personal computer), and transfer the certificate. But the Windows 10 PC (that is the server) is really connected to plugn.tk (you can try http://www.plugn.tk, and you will see that there is no problem), and I want to acquire the certificate for that domain.
Thank you for your fast answer !


#8

OK, Thanks for the explanation, that helps.

There are a couple of options. There are alternate clients ( some of which run in windows )

If you want to use letsencrypt on your MAC, that’s fine, however you will need to change the port forwards on your firewall to send traffic to your MAC, rather than your windows server, whilst you do the challenge, so that when the letsencrypt server tries to obtain the token from plugn.tk/.well-known/acme-challenge it obtains it from the correct place (your MAC, not the windows server )
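
Added example, not part of the thread and not certbot or Let's Encrypt server code: how the tls-sni-01 name ("zName") in the error above is derived, and how the SAN list of whichever server answered on port 443 can be classified. The token, account thumbprint, SAN lists and the `diagnose` helper are constructed for illustration.

```python
import hashlib

def tls_sni_01_zname(token, thumbprint):
    """dNSName SAN a tls-sni-01 responder must present for this challenge."""
    key_authorization = "{}.{}".format(token, thumbprint)
    z = hashlib.sha256(key_authorization.encode("ascii")).hexdigest()
    # The 64 hex digits are split into two 32-character DNS labels.
    return "{}.{}.acme.invalid".format(z[:32], z[32:])

def diagnose(expected_zname, presented_sans):
    """Classify the SANs of the certificate returned for the SNI probe."""
    names = [n.lower().rstrip(".") for n in presented_sans]
    if expected_zname in names:
        return "ok"
    if not names:
        return "no-san"           # matches the thread's: Found ''
    if any(n.endswith(".acme.invalid") for n in names):
        return "other-challenge"  # a responder answered, but for another token
    return "other-site"           # an ordinary web server certificate

HINTS = {
    "ok": "the challenge responder answered",
    "no-san": "a certificate without dNSName SANs answered, so port 443 "
              "reached some TLS server other than the standalone client",
    "other-challenge": "stale or concurrent challenge certificate",
    "other-site": "port 443 is served by an existing site, not the client",
}

# Constructed sample values (not from the thread).
TOKEN = "constructed-token-0123456789abcdefghijklmnop"
THUMBPRINT = "constructed-thumbprint-0123456789abcdefghij"

if __name__ == "__main__":
    expected = tls_sni_01_zname(TOKEN, THUMBPRINT)
    print("expected SAN:", expected)
    samples = [
        ("standalone client reachable", [expected]),
        ("certificate with no SANs", []),
        ("existing site on 443", ["www.example.test"]),
    ]
    for label, sans in samples:
        status = diagnose(expected, sans)
        print("{:<30} {:<16} {}".format(label, status, HINTS[status]))
```
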

