Solved: Incorrect validation certificate and showing weird domain names

Hi everyone.

My domain is:

I ran this command: ./certbot-auto

It produced this output:

   Type:   unauthorized
   Detail: Incorrect validation certificate for tls-sni-01 challenge.
   from [2400:cb00:2048:1::6819:cf66]:443. Received 3 certificate(s),
   first certificate had names "*,
   *, *, *,
   *, *, *,
   *, *, *,
   *, *, *,
   *, *, *,
   *, *, *, *,
   *, *, *,
   *, *, *,,,,,,,,,,,,,,,,,,,,,,,,,,,"

My web server is (include version): Apache 2.2.15

The operating system my web server runs on is (include version): Centos 6

I can login to a root shell on my machine, yes!

The list of domains is very worrying!!?!? What’s going on?

Hi @markushausammann,

It looks like is pointed at and, which are both IPs owned by Cloudflare.

Cloudflare is terminating the Let's Encrypt validation authorities challenge request with a certificate that has domain names for many of their customers (probably yours included) and that's why you see unfamiliar names. This is a very common practice with CDNs like Cloudflare.

You will want to use the HTTP-01 challenge (Certbot's webroot mode) if you intend to have Cloudflare in front of the domain you're issuing for with Let's Encrypt.

If you provide more information about how you're using Certbot someone will likely be able to give some concrete advice.

Hope that helps!

1 Like

I just keep forgetting about the existence of Cloudflare… this explains a lot of course. I guess now I might be able to solve the problem. Thanks for the input, I should have known.

1 Like

Hi @cpu, that was it, I don’t even need a letsencrypt cert for this domain. I had an old valid cert which expired and Cloudflare setting “Full (strict)”. With changing that to strict I’m fine.

1 Like

Great! Glad to hear you have everything you need :slight_smile: :tada:

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.