Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=destiny.to ), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: destiny.to
I ran this command: ./certbot-auto --expand -d destiny.to,destiny.to,ask.destiny.to
It produced this output:
The client lacks sufficient authorization :: Invalid response from http://ask.destiny.to/.well-known/acme-challenge/_aHb14Nxxxxx
My web server is (include version): apache httpd-2.2.15-69.el6.centos.x86_64
The operating system my web server runs on is (include version): CentOS 6.10
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know): yes
Here is the scenario
My site ( destiny.to ) runs on a server running apache , mainly PHP scripts and Java servlets. The LE certs is installed in /etc/letsencrypt/ , it works fine.
There is another subdomain : ask.destiny.to , running on another server (different machine , different IP) , running nginx ( nginx-1.10.2-1.el7.x86_64 ) , it’s not LE enabled.
I tried to expand my cert to this subdomain
./certbot-auto --expand -d destiny.to,destiny.to,ask.destiny.to
but it shows the above error.
It seems certbot “assumes” the subdomain is on the same server , but that’s not my case.
The subdomain is on another server , running nginx instead of apache …
What should I do now ?