Subdomain cert using node acme client

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

Hello, Apologies if this question seems naive. I am trying to get a certificate for a subdomain using node-acme-client (works fine for a domain), and I get the following error at client.verifyChallenge(authz, httpChallenge). I am using letsencrypt staging directory, and const order = await acmeClient.createOrder({ identifiers: [ { type: 'dns', value: domain } ] }); to create order.
Can anyone please guide why I am getting this error, is this related to how I am creating the order or a limitation of node-acme-client etc.?
Note: When I try the same using certbot, it issues a certificate without any error.

It produced this output:
Error: Hostname/IP does not match certificate's altnames: Host: is not in the cert's altnames:

My web server is (include version): Nginx

The operating system my web server runs on is (include version): Ubuntu

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.2.0

Hi @waiz, and welcome to the LE community forum :slight_smile:

Version 2.6.0 is latest.

Can you show that public cert?
Did you obtain a cert for the login subdomain?


Thanks @rg305. Yes, I was able to successfully obtain cert for using certbot. I misspelled the domain earlier. Cert is live now, you can view the cert here.
Certbot works fine, but I am facing issues with node-acme-client. As I have already shared I get the following error in the case of subdomain on node-acme-client. Can you please tell me what's the issue here? Is it node-acme-client limitation?
Error: Hostname/IP does not match certificate's altnames: Host: is not in the cert's altnames:

1 Like

I don't think I have enough information to be certain.
Based on what [I think] I know...
The error indicates that site you are reaching has a cert that doesn't carry the login subdomain.
But I can't tell anything else about that connection.
From the Internet, the login site seems to be correctly secured [via HTTPS].
If you are connecting via some other method [VPN, internal network. etc.], then that might be part of why you are seeing the wrong cert.


Two things of interest:


I think I have not explained the problem correctly. So, the issue was that I couldn't issue an SSL certificate to a subdomain using node-acme-client with letsencrypt staging directory. I was facing the above-mentioned error on the HTTP challenge verification step, but everything was working smoothly on certbot.
Turns out I just needed to make small changes on nginx configuration. So, the issue was in nginx configuration, now node-acme-client is also working fine. And issues certificate to subdomains without any problem. Thank you for your time! :smiley:


Yeah, so basically this is just a test domain. I issued and revoked the certificate to check how long it will take to actually get revoked.
Can you please tell me why this certificate is still "valid" for the browsers?

Because not all browsers check the OCSP status


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.