Renew of cert for several subdomains throws errors

gbrehmer · February 24, 2016, 1:04pm

Initially letsencrypt-auto created a single cert for two subdomains: a.domain.tld & b.a.domain.tld. There is an enabled VHost configuration for each domain (Apache2) and all tested clients are accepting the created certificates.

If I try to renew it throws the following errors:

   Domain: b.a.domain.tld
   Type:   unauthorized
   Detail: Correct zName not found for TLS SNI challenge. Found
   'b.a.domain.tld, a.domain.tld'

   Domain: a.domain.tld
   Type:   unauthorized
   Detail: Correct zName not found for TLS SNI challenge. Found
   'b.a.domain.tld, a.domain.tld'

Before I tried to renew the certificates I moved SSL/TLS handling from Apache2 to HAProxy. HAProxy is serving the full certificate chain: private key, root, intermediate, cert in a single PEM file. Is HAProxy not supported?

gbrehmer · February 24, 2016, 1:54pm

I fixed the problem by using this how-to: https://www.digitalocean.com/community/tutorials/how-to-secure-haproxy-with-let-s-encrypt-on-ubuntu-14-04

Topic		Replies	Views
Trouble renewing certificate Help	7	3594	May 8, 2016
Error renewing over tls-sni-01, "Incorrect validation certificate for tls-sni-01 challenge" Help	6	2138	August 4, 2018
Need help getting/renewing certs Help	10	2260	February 22, 2017
Unable to renew SSL for subdomain Help	8	736	August 3, 2023
Renew error: Incorrect validation certificate for tls-sni-01 challenge. Received 2 certificate(s), first certificate had names "biszumbitterenen.de" Help	5	2965	April 9, 2018

Renew of cert for several subdomains throws errors

Related topics