Solved. Incorrect validation certificate for TLS-SNI-01 for the default domain on the ip address. Other successful


#1

Hello!
I have a server running Ubuntu 12.04 + Apache with multiple domains: travelandia.ru telebal.ru cvetochnik.com otdih-krim.com
The domain otdih-abhazia.ru is the primary domain, which opens on the IP address of the server.
I have successfully installed the certificates for all domains except otdih-abhazia.ru.
As I understand it, validation is checked by the IP address 95.182.40.5. If you open http://95.182.40.5/ you will see otdih-abhazia.ru, but if you open https://95.182.40.5/ you will see cvetochnik.com. Since verification is done over HTTPS and by IP address, Apache opens the first available HTTPS domain in the list (cvetochnik.com in my case).
What changes should I make to the Apache config files?
The text of the log is below.

2017-03-19 09:48:25,117:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: www.otdih-abhazia.ru
Type: unauthorized
Detail: Incorrect validation certificate for TLS-SNI-01 challenge. Requested 41c97cd266a73a636039d9975e73a0a6.08ff311667012677520065e51301ce2a.acme.invalid from 95.182.40.5:443. Received 2 certificate(s), first certificate had names “cvetochnik.com, www.cvetochnik.com”

Domain: otdih-abhazia.ru
Type: unauthorized
Detail: Incorrect validation certificate for TLS-SNI-01 challenge. Requested f2d20cc90bd17b05461451f26a4c6a7a.358bbbff7ffa9e7ae99c7124481f3f6a.acme.invalid from 95.182.40.5:443. Received 2 certificate(s), first certificate had names “cvetochnik.com, www.cvetochnik.com”

To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address.
2017-03-19 09:48:25,117:INFO:certbot.auth_handler:Cleaning up challenges
2017-03-19 09:48:25,280:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
File “~/.local/share/letsencrypt/bin/letsencrypt”, line 11, in
sys.exit(main())
File “/root/~/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py”, line 896, in main
return config.func(config, plugins)
File “/root/~/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py”, line 607, in run
certname, lineage)
File “/root/~/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py”, line 92, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File “/root/~/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/client.py”, line 294, in obtain_and_enroll_certificate
certr, chain, key, _ = self.obtain_certificate(domains)
File “/root/~/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/client.py”, line 265, in obtain_certificate
self.config.allow_subset_of_names)
File “/root/~/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/auth_handler.py”, line 77, in get_authorizations
self._respond(resp, best_effort)
File “/root/~/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/auth_handler.py”, line 134, in _respond
self._poll_challenges(chall_update, best_effort)
File “/root/~/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/auth_handler.py”, line 198, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. www.otdih-abhazia.ru (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for TLS-SNI-01 challenge. Requested 41c97cd266a73a636039d9975e73a0a6.08ff311667012677520065e51301ce2a.acme.invalid from 95.182.40.5:443. Received 2 certificate(s), first certificate had names “cvetochnik.com, www.cvetochnik.com”, otdih-abhazia.ru (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for TLS-SNI-01 challenge. Requested f2d20cc90bd17b05461451f26a4c6a7a.358bbbff7ffa9e7ae99c7124481f3f6a.acme.invalid from 95.182.40.5:443. Received 2 certificate(s), first certificate had names “cvetochnik.com, www.cvetochnik.com”


#2

I solved the problem. The domains in Apache were listed in the following order: cvetochnik.com www.cwetochnik.com otdih-abhazia.ru www.otdih-abhazia.ru. I deleted the virtual server cvetochnik.com (cvetochnik.com.conf), so otdih-abhazia.ru is now shown by default. I received a certificate with the command ./certbot-auto --apache. Then I used the same command ./certbot-auto --apache cvetochnik.com but chose the option to recover the configuration without obtaining a new certificate.
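The behaviour described in this thread, as an added example that is not part of the original posts or of certbot: a small model of Apache's name-based virtual host selection, showing why a request for an unknown `*.acme.invalid` name on port 443 is answered by the first-listed SSL vhost. The configuration text and the functions `parse_vhosts` and `serving_vhost` are constructed for illustration; the model assumes every vhost uses an `address:port` form and ignores IP-specific precedence and the load order of included files.

```python
import re
from fnmatch import fnmatch

# Constructed config modelled on the thread: otdih-abhazia.ru is first on :80,
# but cvetochnik.com is the first vhost defined on :443.
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName otdih-abhazia.ru
    ServerAlias www.otdih-abhazia.ru
</VirtualHost>
<VirtualHost *:443>
    ServerName cvetochnik.com
    ServerAlias www.cvetochnik.com
</VirtualHost>
<VirtualHost *:443>
    ServerName travelandia.ru
    ServerAlias www.travelandia.ru
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
NAME_RE = re.compile(r"^\s*(?:ServerName|ServerAlias)\s+(.+)$", re.M | re.I)

def parse_vhosts(conf):
    """Return (port, [names]) tuples in the order the vhosts appear."""
    vhosts = []
    for addrs, body in VHOST_RE.findall(conf):
        names = [n for args in NAME_RE.findall(body) for n in args.lower().split()]
        for addr in addrs.split():
            port = re.search(r":(\d+)$", addr)
            if port:  # vhosts without an explicit port are skipped (assumption)
                vhosts.append((int(port.group(1)), names))
    return vhosts

def serving_vhost(vhosts, port, requested_name):
    """First vhost on the port whose name or alias matches; else the first one."""
    on_port = [names for p, names in vhosts if p == port]
    if not on_port:
        return None
    for names in on_port:
        if any(fnmatch(requested_name.lower(), n) for n in names):
            return names[0] if names else "(unnamed)"
    return on_port[0][0] if on_port[0] else "(unnamed)"

if __name__ == "__main__":
    vhosts = parse_vhosts(SAMPLE_CONF)
    challenge = "41c97cd266a73a636039d9975e73a0a6.08ff311667012677520065e51301ce2a.acme.invalid"
    for port, name in [(80, "95.182.40.5"), (443, "95.182.40.5"), (443, challenge)]:
        print(port, name, "->", serving_vhost(vhosts, port, name))
```

Running `apache2ctl -S` on the server lists the real vhosts per address and port, with the default marked, for comparison with this model.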

