My domain is:
www.trymarketspace.com
I ran this command:
certbot certonly
It produced this output:
Failed authorization procedure
The client lacks sufficient authorization
Domain: www.trymarketspace.com
Type: unauthorized
Detail: Incorrect validation certificate for TLS-SNI-01 challenge.
Requested
73f05368ac43935ebc2be7afc6781d29.56490cdbe84878026bf3b48a32352ffc.acme.invalid
from 50.16.239.64:443. Received certificate containing
’www.trymarketspace.com, trymarketspace.com, …
My operating system is (include version):
Ubuntu 14.04 (https://devcenter.heroku.com/articles/stack#cedar)
My web server is (include version):
Node.js, Express
My hosting provider, if applicable, is:
Heroku
I can login to a root shell on my machine (yes or no, or I don’t know):
no
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Heroku admin
Details:
I have an existing production site on Heroku using an SSL Endpoint which uses an existing UCC SAN certificate from another vendor for a number of domains, most of which are owned by my clients, and it also uses a wildcard cert from another vendor. I would like to replace both of these with Heroku’s SNI implementation and a Let’s Encrypt cert.
I’m using Sabayon to generate the certificate and install it on Heroku. This process worked successfully on my staging dynos on Heroku, which didn’t have an SSL Endpoint. However, on the production dynos, the Let’s Encrypt request failed both when I tried it through Sabayon (with an EOF error) and with certbot as described above.
One difference I can see between the two farms is that the production one already has a SAN certificate but the staging one did not. There are likely other infrastructure differences on the Heroku side.
I’m able to browse to the production site and successfully see the challenge response at URL /.well-known/acme-challenge/…