Problem installing a cert x DNS

NOTE: I changed my domain/IP for mywww.mydomain.com/a.b.c.d.
I had tried to generate a new cert for mywww.mydomain.com in my Glassfish AppServer running ports 80/443, no Apache here.

[root@ss1 letsencrypt]# ./letsencrypt-auto certonly --standalone -d mywww.mydomain.com --email myemail@mydomain.com
/root/.local/share/letsencrypt/lib/python2.6/site-packages/cryptography/init.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
DeprecationWarning
Version: 1.1-20080819
Version: 1.1-20080819
Failed authorization procedure. mywww.mydomain.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for TLS-SNI-01 challenge. Requested ba5fb0460eb955e1a59119128d6b2e48.9973cca93ee541c1c50b1b4389e4a179.acme.invalid from a.b.c.d:443. Received certificate containing ‘’

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: mywww.mydomain.com
    Type: unauthorized
    Detail: Incorrect validation certificate for TLS-SNI-01 challenge.
    Requested
    ba5fb0460eb955e1a59119128d6b2e48.9973cca93ee541c1c50b1b4389e4a179.acme.invalid
    from a.b.c.d:443. Received certificate containing ‘’

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address.

[root@ss1 letsencrypt]# host mywww.mydomain.com
mywww.mydomain.com has address a.b.c.d

I dont have problems with DNS requests, mywww.mydomain.com is correctly configured into bind server, my web app runs fine in http://mywww.mydomain.com for many months.

Is there some problem because Glassfish runs using an auto-generated/builtin cert file in 443?

To use standalone mode you must stop whatever is currently using port 443. If you don’t want to do this and can create TXT DNS records then you should use a different client that supports the DNS-01 challenge.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.