Problem installing a cert x DNS


#1

NOTE: I replaced my real domain/IP with mywww.mydomain.com/a.b.c.d.
I tried to generate a new cert for mywww.mydomain.com on my Glassfish AppServer, which runs on ports 80/443; there is no Apache here.

[root@ss1 letsencrypt]# ./letsencrypt-auto certonly --standalone -d mywww.mydomain.com --email myemail@mydomain.com
/root/.local/share/letsencrypt/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
DeprecationWarning
Version: 1.1-20080819
Version: 1.1-20080819
Failed authorization procedure. mywww.mydomain.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for TLS-SNI-01 challenge. Requested ba5fb0460eb955e1a59119128d6b2e48.9973cca93ee541c1c50b1b4389e4a179.acme.invalid from a.b.c.d:443. Received certificate containing ‘’

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: mywww.mydomain.com
    Type: unauthorized
    Detail: Incorrect validation certificate for TLS-SNI-01 challenge.
    Requested
    ba5fb0460eb955e1a59119128d6b2e48.9973cca93ee541c1c50b1b4389e4a179.acme.invalid
    from a.b.c.d:443. Received certificate containing ‘’

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address.

[root@ss1 letsencrypt]# host mywww.mydomain.com
mywww.mydomain.com has address a.b.c.d

I don't have problems with DNS requests; mywww.mydomain.com is correctly configured in the bind server, and my web app has run fine at http://mywww.mydomain.com for many months.

Is there some problem because Glassfish runs with an auto-generated/built-in cert file on 443?


#2

To use standalone mode you must stop whatever is currently using port 443. If you don’t want to do this and can create TXT DNS records then you should use a different client that supports the DNS-01 challenge.
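
A pre-flight check for the situation in this thread, added here as an example and not part of any post above: it reads `ss -ltnp` output and reports which process already holds the ports standalone mode needs, matching ports exactly so a listener on 8443 is not mistaken for 443. The function names and the sample listing are constructed for illustration, and it assumes `ss` from iproute2 is available.

```shell
#!/bin/sh
# Constructed sample of `ss -ltnp` output (not taken from the thread): a Java
# app server holding 80 and 443, as Glassfish does in the question.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=801,fd=3))
LISTEN 0      4096   [::]:80            [::]:*            users:(("java",pid=2211,fd=310))
LISTEN 0      4096   [::]:443           [::]:*            users:(("java",pid=2211,fd=312))
LISTEN 0      4096   127.0.0.1:8443     0.0.0.0:*         users:(("java",pid=2211,fd=320))'

# Reads `ss -ltnp` output on stdin and prints "port address owner" for every
# listening socket bound to one of the ports given as arguments.
blocking_listeners() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            local_addr = $4
            port = local_addr
            sub(/.*:/, "", port)          # keep only what follows the last colon
            if (port in want) {
                # The owner column is empty unless ss was run as root.
                owner = ($6 == "" ? "owner-unknown" : $6)
                print port, local_addr, owner
            }
        }'
}

# Returns 0 when none of the given ports has a listener, 1 otherwise.
standalone_ready() {
    found=$(blocking_listeners "$@")
    [ -z "$found" ] && return 0
    printf '%s\n' "$found" | while read -r port addr owner; do
        echo "port $port is already bound at $addr by $owner" >&2
    done
    return 1
}

# Demo on the constructed sample; on a real host use:
#   ss -ltnp | standalone_ready 80 443
printf '%s\n' "$SAMPLE_SS" | standalone_ready 80 443 ||
    echo "stop the listener first, or use a client that supports DNS-01"
```

If the check reports a listener on 443, the validation request reaches that server and gets its certificate back instead of the challenge certificate, which is the mismatch the error in post #1 describes.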

