So strange case

I am trying to make a certificate and when i run the command

sudo certbot --nginx certonly

I choose my website “domain56.com” but it give an error.

• The following errors were reported by the server:

  Domain: domain56.com
  Type: unauthorized
  Detail: Incorrect validation certificate for tls-sni-01 challenge.
  Requested
  4092301845df4aa5747c978d¡0b58209.d921c84291fc52287b91ef42e26d9596.acme.invalid
  from 51.215.41.121:443. Received 2 certificate(s), first
  certificate had names “domain.pro, www.domain.pro”

  To fix these errors, please make sure that your domain name was
  entered correctly and the DNS A/AAAA record(s) for that domain
  contain(s) the right IP address.

And when i go to firefox domain56.com is working with a domain.pro certicate with expired date 06/04/2018
And when i go to firefox domain.pro has a expired date 25/02/2018

How its possible? whats happening?

Ah! i checked the folders and i only have a folder with domain.pro certificate, non with domain56.com

What should i do? Its good if i delete all the certificates and make a new ones, for each domain?

you need to review what the certonly parameter does

certonly Obtain or renew a certificate, but do not install it

Andrei

thx for the reply.

all the guides that i read, they use the command certonly

Then i should use “run” instead cenrtonly?

run is the default — you can just use certbot --nginx.

However, you should wait before doing this because there is currently a security issue which has resulted in the disabling of the TLS-SNI-01 method that --nginx uses.

(I’m not sure that the certonly issue was the true underlying reason for the error you saw before, but it’s not possible to do a meaningful test of that while this security issue is ongoing.)

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.