today I wanted to renew ssl certificates for domain digrin.com. However I ran into problems:
Failed authorization procedure. www.digrin.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Correct zName not found for TLS SNI challenge. Found '*.rhcloud.com, rhcloud.com' IMPORTANT NOTES: - The following errors were reported by the server: Domain: www.digrin.com Type: unauthorized Detail: Correct zName not found for TLS SNI challenge. Found '*.rhcloud.com, rhcloud.com' To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address.
Domain is hosted in cloud - Openshift Online - Amazon AWS. That means, IP can change and I use CNAME instead of A tag. How do I renew certificate in this case? I tried to add A tag for domain, but its not very good approach since it can change. It does not work anyway (may be DNS were not updated yet??)
Command that gave me above mentioned output is this:
./letsencrypt-auto certonly --email email@example.com --agree-tos --manual-public-ip-logging-ok -d www.digrin.com.
I want to create certificates on my laptop and upload them to server afterwards.