Renew --dry-run failure Incorrect validation certificate for tls-sni-01 challenge

Install fine and basic site seems to be working well with primary domain and sub-domain accessible. (install other apps later)

My domains are: inkblotcreations.com www.inkblotcreations.com beta.inkblotcreations.com www.beta.inkblotcreations.com

I ran this command: sudo certbot renew --dry-run

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/inkblotcreations.com.conf
-------------------------------------------------------------------------------
Cert not due for renewal, but simulating renewal for dry run
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for inkblotcreations.com
tls-sni-01 challenge for beta.inkblotcreations.com
tls-sni-01 challenge for www.beta.inkblotcreations.com
tls-sni-01 challenge for www.inkblotcreations.com
Waiting for verification...
Cleaning up challenges
Attempting to renew cert from /etc/letsencrypt/renewal/inkblotcreations.com.conf produced an unexpected error: Failed authorization procedure. beta.inkblotcreations.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested b9b4ac981c1db05a0512f16ebcf96c6f.b36f31d96d64eef69471b4823d2b89ad.acme.invalid from [2a03:b0c0:0:1010::eca:5001]:443. Received 2 certificate(s), first certificate had names "beta.inkblotcreations.com, inkblotcreations.com, www.beta.inkblotcreations.com, www.inkblotcreations.com", www.beta.inkblotcreations.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested f4b2705b218af6ff9a5649a9f4050d5d.41e0d88962137d4bf4ba882a3a57aa99.acme.invalid from [2a03:b0c0:0:1010::eca:5001]:443. Received 2 certificate(s), first certificate had names "beta.inkblotcreations.com, inkblotcreations.com, www.beta.inkblotcreations.com, www.inkblotcreations.com". Skipping.
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/inkblotcreations.com/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: beta.inkblotcreations.com
   Type:   unauthorized
   Detail: Incorrect validation certificate for tls-sni-01 challenge.
   Requested
   b9b4ac981c1db05a0512f16ebcf96c6f.b36f31d96d64eef69471b4823d2b89ad.acme.invalid
   from [2a03:b0c0:0:1010::eca:5001]:443. Received 2 certificate(s),
   first certificate had names "beta.inkblotcreations.com,
   inkblotcreations.com, www.beta.inkblotcreations.com,
   www.inkblotcreations.com"

   Domain: www.beta.inkblotcreations.com
   Type:   unauthorized
   Detail: Incorrect validation certificate for tls-sni-01 challenge.
   Requested
   f4b2705b218af6ff9a5649a9f4050d5d.41e0d88962137d4bf4ba882a3a57aa99.acme.invalid
   from [2a03:b0c0:0:1010::eca:5001]:443. Received 2 certificate(s),
   first certificate had names "beta.inkblotcreations.com,
   inkblotcreations.com, www.beta.inkblotcreations.com,
   www.inkblotcreations.com"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.

My web server is (include version):
nginx/1.10.3 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 16.04.2 x64

My hosting provider, if applicable, is:
DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Yes

Nginx Conf:

server {
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;
        server_name inkblotcreations.com www.inkblotcreations.com;
        return 301 https://$server_name$request_uri;
}

server {
        listen 443 ssl http2 default_server;
        listen [::]:443 ssl http2 default_server;
        include snippets/ssl-inkblotcreations.com.conf;
        include snippets/ssl-params.conf;

        server_name inkblotcreations.com www.inkblotcreations.com;

        root /home/catz/www/;

        index index.html;
        error_page 401 403 404 /404;
        location / {
                try_files $uri $uri/ =404;
        }
}

server {
        listen 80;
        listen [::]:80;
        server_name beta.inkblotcreations.com www.beta.inkblotcreations.com;
        return 301 https://$server_name$request_uri;
}

server {
        listen 443 ssl http2;
        listen [::]:433 ssl http2;
        include snippets/ssl-inkblotcreations.com.conf;
        include snippets/ssl-params.conf;

        server_name beta.inkblotcreations.com www.beta.inkblotcreations.com;

        root /home/catz/beta/;
        index index.html;
        error_page 401 403 404 /404.html;

        location / {
                try_files $uri $uri/ =404;
        }
}

I’m thinking that I might revoke the certificate and then reinstall using --webroot instead of --nginx flag.

Any thoughts or suggestions?

This post is no longer relevant.
Have renewed using --webroot
Have similar issue.
Will created new post.

** No further action on this post required **

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.