The client lacks sufficient authorization :: Correct zName not found for TLS SNI challenge. Found '' [SOLVED]


#1

OS: Ubuntu 14.04.3 LTS

When I first ran letsencrypt, it installed some packages, and there was one error that said

SNI (Subject Name Indication) extension to TLS is not available on this platform

I think I fixed that by doing distro upgrade and then running this:

pip install --upgrade ndg-httpsclient

Still getting this error:

:~/letsencrypt# ./letsencrypt-auto --apache --debug -d www.healthcarecost.info

Updating letsencrypt and virtual environment dependencies......
Requesting root privileges to run with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt --apache --debug -d www.healthcarecost.info
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 1398, in main
    return args.func(args, config, plugins)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 559, in run
    lineage = _auth_from_domains(le_client, config, domains)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 404, in _auth_from_domains
    lineage = le_client.obtain_and_enroll_certificate(domains)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 283, in obtain_and_enroll_certificate
    certr, chain, key, _ = self.obtain_certificate(domains)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 266, in obtain_certificate
    return self._obtain_certificate(domains, csr) + (key, csr)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 224, in _obtain_certificate
    authzr = self.auth_handler.get_authorizations(domains)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 84, in get_authorizations
    self._respond(cont_resp, dv_resp, best_effort)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 142, in _respond
    self._poll_challenges(chall_update, best_effort)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 204, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. www.healthcarecost.info (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Correct zName not found for TLS SNI challenge. Found ''


IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.healthcarecost.info
   Type:   urn:acme:error:unauthorized
   Detail: Correct zName not found for TLS SNI challenge. Found ''

#2

It probably has something to do with the fact this domain currently has a certificate installed for olegkikin.com.

The Apache plugin uses a temporary certificate for the TLS-SNI-01 challenge, so it’ll probably work if you’d disable the HTTPS virtualhost for this domain altogether. Then, the Apache plugin will use the non-HTTPS virtualhost as a template to install the certificate by generating its own HTTPS virtualhost. (Which you can afterwards edit to your preference ofcourse.)


#3

That was the issue, some old cert references. So now it works in Chrome and IE, but not in Firefox:

Chrome: http://i.imgur.com/VsTyHzo.png

Firefox: http://i.imgur.com/jywDts4.png


#4

Nevermind, resolved it by following this:

https://mozilla.github.io/server-side-tls/ssl-config-generator/

THANK YOU!!!