Renew of cert for several subdomains throws errors


#1

Initially letsencrypt-auto created a single cert for two subdomains: a.domain.tld & b.a.domain.tld. There is an enabled VHost configuration for each domain (Apache2) and all tested clients are accepting the created certificates.

If I try to renew, it throws the following errors:

   Domain: b.a.domain.tld
   Type:   unauthorized
   Detail: Correct zName not found for TLS SNI challenge. Found
   'b.a.domain.tld, a.domain.tld'

   Domain: a.domain.tld
   Type:   unauthorized
   Detail: Correct zName not found for TLS SNI challenge. Found
   'b.a.domain.tld, a.domain.tld'

Before I tried to renew the certificates, I moved SSL/TLS handling from Apache2 to HAProxy. HAProxy is serving the full certificate chain: private key, root, intermediate, cert in a single PEM file. Is HAProxy not supported?


#2

I fixed the problem by using this how-to: https://www.digitalocean.com/community/tutorials/how-to-secure-haproxy-with-let-s-encrypt-on-ubuntu-14-04