My certificate is due to expire in a few weeks time, and I’m trying to create a script to renew it. The only port I have open is port 443, with an HTTPS server listening to it using my current certificate. I use dynamic DNS, so it seems to me I can only use TLS verification.
As an experiment, I tried this to see what would happen (running as root):
certbot-auto renew --dry-run --preferred-challenges tls-sni-01 -v --standalone
This is what I got back:
The following errors were reported by the server:
Detail: Incorrect validation certificate for TLS-SNI-01 challenge.
from xxx.xxx.xxx.xxx:443. Received 2 certificate(s), first
certificate had names “mydomain.ddns.net”
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
Can anyone tell me what is going on here? (The DNS records are correct, I can connect to my site, and I get my existing certificate when I do, BTW.)