I’m very excited to use the service, but I seem to have run across a catch-22 for my deployment needs.
When running:
…/letsencrypt-master/letsencrypt-auto --test-cert certonly --standalone --email admin@pachyderm.io -d pachyderm.io -d www.pachyderm.io -d pachyderm.com -d www.pachyderm.com
I get the following error:
Domain: pachyderm.com
Type: unauthorized
Detail: Correct zName not found for TLS SNI challenge. Found
’cloudfront.net, *.cloudfront.net’
We’re using Amazon / Cloudfront / S3 to host a static website.
Amazon seems to require that I upload a valid private key / cert before I change how they serve SSL.
Practically speaking, that means that I cannot enable SNI until I have a cert uploaded. Hence the catch-22.
I’m looking for suggestions to get past this hurdle. To me, the only approaches I see (in theory … not sure if these are possible) are:
- generate my own cert that's unsigned // see if I can get that uploaded on Amazon (my current understanding makes this seem unlikely) // enable SNI // then use letsencrypt to generate a valid cert
- configure letsencrypt to not check for SNI support? (But this seems unlikely since you don’t support wildcards)
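An added diagnostic for the situation above (my own example, not code from the original post or from the Let's Encrypt client): it connects to an edge with a chosen SNI name and compares the served certificate's SAN list against the name the validator expects, which is the check that produced the "Correct zName not found" error. SAMPLE_SANS is a constructed copy of the names in the error, and the matching assumes a wildcard covers exactly one leftmost label.

```python
import socket
import ssl

# Constructed sample: the SAN names CloudFront served in the error above.
SAMPLE_SANS = ["cloudfront.net", "*.cloudfront.net"]


def san_matches(expected: str, sans: list[str]) -> bool:
    """True if `expected` is covered by one of the SAN dNSName entries.

    A wildcard entry covers a single leftmost label only, so
    '*.cloudfront.net' can never satisfy a name such as 'pachyderm.com'
    or a validator-chosen challenge name.
    """
    expected = expected.lower().rstrip(".")
    for san in sans:
        san = san.lower().rstrip(".")
        if san == expected:
            return True
        if san.startswith("*."):
            label, dot, rest = expected.partition(".")
            if dot and label and rest == san[2:]:
                return True
    return False


def fetch_sans(host: str, sni_name: str, port: int = 443) -> list[str]:
    """Connect to `host`, send `sni_name` in the TLS handshake, return SAN names.

    Chain validation stays on (getpeercert() only returns a parsed cert for a
    verified chain), but hostname checking is off: the mismatch is the point.
    A self-signed cert would fail the chain check and need binary parsing.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni_name) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def diagnose(expected: str, sans: list[str]) -> str:
    """Summarise the result in the same shape as the validator's message."""
    if san_matches(expected, sans):
        return f"ok: {expected} is covered by the served certificate"
    return f"unauthorized: {expected} not found; found '{', '.join(sans)}'"


if __name__ == "__main__":
    import sys  # usage: python check_sni.py <host> <name-to-send-as-SNI>
    host, name = sys.argv[1], sys.argv[2]
    print(diagnose(name, fetch_sans(host, name)))
```

Running it against the edge before enabling SNI shows exactly which names the CDN answers with, so you can confirm the fix took effect before retrying the client.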