The client lacks sufficient authorization :: Correct zName not found for TLS SNI challenge. Found '' [SOLVED]


OS: Ubuntu 14.04.3 LTS

When I first ran letsencrypt, it installed some packages, and there was one error that said

SNI (Subject Name Indication) extension to TLS is not available on this platform

I think I fixed that by doing distro upgrade and then running this:

pip install --upgrade ndg-httpsclient

Still getting this error:

:~/letsencrypt# ./letsencrypt-auto --apache --debug -d

Updating letsencrypt and virtual environment dependencies......
Requesting root privileges to run with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt --apache --debug -d
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/", line 1398, in main
    return args.func(args, config, plugins)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/", line 559, in run
    lineage = _auth_from_domains(le_client, config, domains)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/", line 404, in _auth_from_domains
    lineage = le_client.obtain_and_enroll_certificate(domains)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/", line 283, in obtain_and_enroll_certificate
    certr, chain, key, _ = self.obtain_certificate(domains)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/", line 266, in obtain_certificate
    return self._obtain_certificate(domains, csr) + (key, csr)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/", line 224, in _obtain_certificate
    authzr = self.auth_handler.get_authorizations(domains)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/", line 84, in get_authorizations
    self._respond(cont_resp, dv_resp, best_effort)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/", line 142, in _respond
    self._poll_challenges(chall_update, best_effort)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/", line 204, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Correct zName not found for TLS SNI challenge. Found ''

 - The following errors were reported by the server:

   Type:   urn:acme:error:unauthorized
   Detail: Correct zName not found for TLS SNI challenge. Found ''


It probably has something to do with the fact this domain currently has a certificate installed for

The Apache plugin uses a temporary certificate for the TLS-SNI-01 challenge, so it’ll probably work if you’d disable the HTTPS virtualhost for this domain altogether. Then, the Apache plugin will use the non-HTTPS virtualhost as a template to install the certificate by generating its own HTTPS virtualhost. (Which you can afterwards edit to your preference ofcourse.)


That was the issue, some old cert references. So now it works in Chrome and IE, but not in Firefox:




Nevermind, resolved it by following this: