Initially letsencrypt-auto created a single cert for two subdomains: a.domain.tld & b.a.domain.tld. There is an enabled VHost configuration for each domain (Apache2) and all tested clients are accepting the created certificates.
If I try to renew it throws the following errors:
Domain: b.a.domain.tld Type: unauthorized Detail: Correct zName not found for TLS SNI challenge. Found 'b.a.domain.tld, a.domain.tld' Domain: a.domain.tld Type: unauthorized Detail: Correct zName not found for TLS SNI challenge. Found 'b.a.domain.tld, a.domain.tld'
Before I tried to renew the certificates I moved SSL/TLS handling from Apache2 to HAProxy. HAProxy is serving the full certificate chain: private key, root, intermediate, cert in a single PEM file. Is HAProxy not supported?