[Solved] Certbot errors trying to generate a certificate

Hi there beautiful community.

I am struggling trying to generate a “new” certificate. I generated certificates for my server a few times before and all of them worked. I formatted and reinstalled the OS and then it’s not working anymore.

The full domain name of my site is: sandbox.sierraminera.com
The command line I ran: certbot --apache -d sandbox.sierraminera.com -d www.sandbox.sierraminera.com
I also tried following the steps for: certbot --apache
I don’t have any issue doing this on my other servers, which are under subdomains of the same domain.
The output of the first command:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for sandbox.sierraminera.com
tls-sni-01 challenge for www.sandbox.sierraminera.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. sandbox.sierraminera.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks 
sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 
834bf0fcaf7a05b254bcbbc4a49fbe53.ca26e9b8281998a3c805db9feb3a7203.acme.invalid from 185.44.26.220:443.                 
Received 1 certificate(s), first certificate had names "192.168.168.168", www.sandbox.sierraminera.com (tls-sni-01): 
urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 
challenge. Requested 2ad0e7ddc323de47e97e872b9972b7e3.58d71913aa635518dcf3cc212d3d3a6a.acme.invalid 
from 185.44.26.220:443. Received 1 certificate(s), first certificate had names "192.168.168.168"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: sandbox.sierraminera.com
   Type:   unauthorized
   Detail: Incorrect validation certificate for tls-sni-01 challenge.
   Requested
   834bf0fcaf7a05b254bcbbc4a49fbe53.ca26e9b8281998a3c805db9feb3a7203.acme.invalid
   from 185.44.26.220:443. Received 1 certificate(s), first
   certificate had names "192.168.168.168"

   Domain: www.sandbox.sierraminera.com
   Type:   unauthorized
   Detail: Incorrect validation certificate for tls-sni-01 challenge.
   Requested
   2ad0e7ddc323de47e97e872b9972b7e3.58d71913aa635518dcf3cc212d3d3a6a.acme.invalid
   from 185.44.26.220:443. Received 1 certificate(s), first
   certificate had names "192.168.168.168"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

The A record for the domain sandbox.sierraminera.com is pointing to 185.44.26.220, which is the IP of the server from where I am issuing the command. Ports 80 and 443 are open.

I don’t know where the IP 192.168.168.168 is coming from. I am under a SonicWall firewall by the way, but this wasn’t a problem before.

Name and version of my OS: Ubuntu Server 16.04
Name and version of my web server: Apache 2.4
I am not using a hosting provider. I have full control of the web server.

Thank you all guys!

--apache uses tls-sni-01 on port 443

http://sandbox.sierraminera.com connects to your web site.
https://sandbox.sierraminera.com connects to a SONICWALL Network Security Appliance:

3 Likes

Problem solved.

I wasn’t seeing the SonicWall’s site because I was accessing it from the same network and thought all the port forwarding was OK.

I talked to my sys admin and he solved the port redirection issue.

Thanks for the screenshot @rg305!

1 Like
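
Added example, not part of the original thread: a small shell script for the check that resolved this, namely finding out which device actually answers TLS on port 443 when the validation server connects from outside. The function names, the verdict labels and the sample error line are assumptions made for this example; the live check needs the openssl CLI.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and verdicts are assumptions.

# Constructed sample, modelled on the ACME error detail quoted in the first post.
SAMPLE_DETAIL='Requested token.acme.invalid from 203.0.113.10:443. Received 1 certificate(s), first certificate had names "192.168.168.168"'

# Extract the certificate names from an ACME detail line on stdin, one per line.
names_from_acme_detail() {
    sed -n 's/.*had names "\([^"]*\)".*/\1/p' | tr ',' '\n' | tr -d ' ' | sort -u
}

# True if $1 is a dotted IPv4 address in an RFC 1918 private range.
is_private_ipv4() {
    case "$1" in ""|*[!0-9.]*) return 1 ;; esac
    case "$1" in
        10.*.*.*|192.168.*.*) return 0 ;;
        172.1[6-9].*.*|172.2[0-9].*.*|172.3[01].*.*) return 0 ;;
    esac
    return 1
}

# classify_answer REQUESTED NAME...   (heuristic, exact matches only, no wildcards)
#   webserver: a certificate name equals the requested name
#   middlebox: no match, and a name is a private IP (an appliance's own
#              certificate, as with the firewall in this thread)
#   mismatch : no match, some other certificate was served
classify_answer() {
    ca_want="$1"; shift
    ca_verdict="mismatch"
    for ca_name in "$@"; do
        if [ "$ca_name" = "$ca_want" ]; then echo "webserver"; return 0; fi
        if is_private_ipv4 "$ca_name"; then ca_verdict="middlebox"; fi
    done
    echo "$ca_verdict"
}

# Classify an ACME error detail (stdin) against the requested name $1.
diagnose_detail() { classify_answer "$1" $(names_from_acme_detail); }

# Live check: names on the certificate that IP $1 serves on 443 for SNI name $2.
# Needs network and OpenSSL 1.1.1+ (-ext). Run it from outside the LAN: from
# inside, the request may never pass through the firewall's port forwarding.
live_names() {
    openssl s_client -connect "$1:443" -servername "$2" </dev/null 2>/dev/null |
        openssl x509 -noout -subject -ext subjectAltName 2>/dev/null |
        tr ',/=: ' '\n\n\n\n\n' | grep -E '^[A-Za-z0-9*-]+(\.[A-Za-z0-9-]+)+$' | sort -u
}

# Usage: sh check443.sh --live PUBLIC_IP HOSTNAME
if [ "${1:-}" = "--live" ]; then classify_answer "$3" $(live_names "$2" "$3"); fi
```

A "middlebox" or "mismatch" verdict from an external host, while the site looks fine from inside the network, points at port 443 forwarding rather than at Apache or certbot.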

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.