Hi, I have a problem when I run Certbot with Apache from Ubuntu.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for textilprint.com.co
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. textilprint.com.co (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 89675ce6f2a8a721c3ec1e55b02fe4fa.95e929fceceae23fe7c7cd42f82057e4.acme.invalid from 192.185.128.23:443. Received 3 certificate(s), first certificate had names “*.ehosts.com, ehosts.com”
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: textilprint.com.co
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
89675ce6f2a8a721c3ec1e55b02fe4fa.95e929fceceae23fe7c7cd42f82057e4.acme.invalid
from 192.185.128.23:443. Received 3 certificate(s), first
certificate had names “*.ehosts.com, ehosts.com”
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
I don't have any idea how to resolve this problem.
Is ehosts.com your hosting provider? If so ... I think your best bet might be to find an alternative.
You said your server is running apache, but the Server header says it's nginx.
You used the --standalone plugin. However, the server seems to be responding on port 443, which means the standalone plugin should have failed to listen on that port, which it apparently didn't - it thought it was listening and asked the CA to connect to it.
The certificate that's being presented is a wildcard cert for *.ehosts.com.
So it seems that your apache server is sitting behind an nginx reverse proxy controlled by the hosting provider. That means they must install any certificates for you.
Here is what they say about that (ehosts.com redirects to www.ehost.com so I assume they're the same company):
Let's Encrypt certificates need to be renewed at least every 3 months, so that's 40... I'm not sure what currency those prices are in, but there's a good chance it will work out more expensive than purchasing and installing a cheap multi-year certificate from a commercial CA. The arduous installation process is also an unfortunate barrier and will likely make it impossible to set up automated renewals.
It may be that they have some other hosting options that are compatible with Let's Encrypt. I haven't seen anything about that on their website, though.
If you want to look for alternatives, the list of shared hosting providers that support Let's Encrypt is here:
(If ehosts is not your hosting provider, then my next best guess is that you mistyped your domain name...)
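The diagnosis in the reply above, worked through as an added example (not code from the thread or from Certbot): it parses the error detail quoted in the first post and checks whether any name on the returned certificate covers the requested domain. The function names and verdict labels are hypothetical.

```python
import re

# Detail string copied from the Certbot output quoted in this thread.
DETAIL = ('Incorrect validation certificate for tls-sni-01 challenge. Requested '
          '89675ce6f2a8a721c3ec1e55b02fe4fa.95e929fceceae23fe7c7cd42f82057e4.acme.invalid '
          'from 192.185.128.23:443. Received 3 certificate(s), first certificate '
          'had names “*.ehosts.com, ehosts.com”')

# Accepts straight or curly quotes around the name list.
PATTERN = re.compile(
    r'Requested (?P<sni>\S+) from (?P<ip>\S+):(?P<port>\d+)\. '
    r'Received (?P<count>\d+) certificate\(s\), first certificate had names '
    r'["\u201c](?P<names>[^"\u201d]*)["\u201d]')


def name_covers(cert_name, host):
    """True if cert_name covers host; '*' stands for exactly one left-most label."""
    cert_name, host = cert_name.lower().rstrip('.'), host.lower().rstrip('.')
    if cert_name.startswith('*.'):
        _, _, parent = host.partition('.')
        return parent == cert_name[2:]
    return cert_name == host


def diagnose(detail, domain):
    """Classify which TLS endpoint answered the CA's validation connection."""
    m = PATTERN.search(detail)
    if m is None:
        raise ValueError('not a tls-sni-01 certificate mismatch message')
    names = [n.strip() for n in m['names'].split(',') if n.strip()]
    if any(name_covers(n, domain) for n in names):
        # The site's own vhost answered instead of the temporary validation cert.
        verdict = 'own-site-cert-served'
    else:
        # Another party's TLS endpoint (proxy, shared front end, wrong IP) answered.
        verdict = 'foreign-tls-endpoint'
    return {'sni': m['sni'], 'ip': m['ip'], 'port': int(m['port']),
            'chain_length': int(m['count']), 'names': names, 'verdict': verdict}


if __name__ == '__main__':
    for key, value in diagnose(DETAIL, 'textilprint.com.co').items():
        print(f'{key}: {value}')
```

A `foreign-tls-endpoint` verdict means the certificate came from something other than the requester's own site or Certbot's temporary listener, which matches the reverse-proxy explanation given in the reply.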
"In an effort to provide customers with the best hosting experience possible, we have made the decision to take eHost offline and begin directing visitors to our partner brands. Over the next few months, we’ll be transitioning customers to a new platform that delivers a better experience and outstanding support."