Several sites on one IP can't obtain certs


#1

Previously I had successfully obtained certificate for one of my sites. Now I have to add certs to another three sites (they all are virtual hosts sharing single IP with first site, but each of them have it’s own DNS records). But I get error:

Failed authorization procedure. mynewsite.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for TLS-SNI-01 challenge. Requested f544c91aa78c8e3185d89b0647f460cc.8e9c2579c00173d8f366c31d3ca1d230.acme.invalid from 78.47.232.162:443. Received 2 certificate(s), first certificate had names “myfirstsite.com”,

For each of three sites with their’s names at start and one “first site” names at end (where “first certificate had names” is).

What should I do? (Ubuntu 14.04, Apache)


#2

What output does grep -Ri virtualhost /etc/apache2/* give? (If not too much text, please paste the full output here.)


#5

OK, so, you have a mixture of <VirtualHost> directives with just an asterisk and some <VirtualHost> directives which specify a port, i.e., the Let’s Encrypt SSL configurations.

I’m assuming all the <VirtualHost *> directives are for non-TLS websites, correct?

If so, I would suggest modifying all the configuration files you found here and change <VirtualHost *> (or <VirtualHost _default_>, that’s actually internally the same thing) into <VirtualHost *:80>.

And after that try certbot again.

By the way, the files in /etc/apache2/sites-enabled/ are probably just symbolic links to the same files in /etc/apache2/sites-available/, so you’ll only need to edit the files once in either one of the directories. But you should obviously check this to be sure :wink:


#7

Thank you, it works now!


#8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.