Trouble with renewing SSL certificate

Please fill out the fields below so we can help you better.

My domain is: justanotherwhiteguy.com

I ran this command: sudo letsencrypt

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter 'c' to cancel):justanotherwhiteguy.com
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for justanotherwhiteguy.com
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. justanotherwhiteguy.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 632a85b11faf03cf68b0e4762d2543aa.c16bc814eca60c71c695506525fa1b97.acme.invalid from 24.217.35.240:443. Received 2 certificate(s), first certificate had names "justanotherwhiteguy.com, www.justanotherwhiteguy.com"

IMPORTANT NOTES:

• The following errors were reported by the server:

Domain: justanotherwhiteguy.com
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
632a85b11faf03cf68b0e4762d2543aa.c16bc814eca60c71c695506525fa1b97.acme.invalid
from 24.217.35.240:443. Received 2 certificate(s), first
certificate had names "justanotherwhiteguy.com,
www.justanotherwhiteguy.com"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.

My web server is (include version): Apache/2.4.18 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 16.04.2

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

Try entering both names (as found in the current cert):

Similar issue

Saving debug log to /var/log/letsencrypt/letsencrypt.log
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter 'c' to cancel):justanotherwhiteguy.com www.justanotherwhiteguy.com
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for justanotherwhiteguy.com
tls-sni-01 challenge for www.justanotherwhiteguy.com
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.justanotherwhiteguy.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested d784fec99b92921efa81ded5eabc1164.9e63d334c51f096f313f573cbb2dd169.acme.invalid from 24.217.35.240:443. Received 2 certificate(s), first certificate had names "justanotherwhiteguy.com, www.justanotherwhiteguy.com", justanotherwhiteguy.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 900867af4fd197fee00e910ab196b2c4.b704b1037d6df441a7c9e26f62980503.acme.invalid from 24.217.35.240:443. Received 2 certificate(s), first certificate had names "justanotherwhiteguy.com, www.justanotherwhiteguy.com"

IMPORTANT NOTES:

• The following errors were reported by the server:

Domain: www.justanotherwhiteguy.com
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
d784fec99b92921efa81ded5eabc1164.9e63d334c51f096f313f573cbb2dd169.acme.invalid
from 24.217.35.240:443. Received 2 certificate(s), first
certificate had names "justanotherwhiteguy.com,
www.justanotherwhiteguy.com"

Domain: justanotherwhiteguy.com
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
900867af4fd197fee00e910ab196b2c4.b704b1037d6df441a7c9e26f62980503.acme.invalid
from 24.217.35.240:443. Received 2 certificate(s), first
certificate had names "justanotherwhiteguy.com,
www.justanotherwhiteguy.com"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.

I think there may be an confusion with your vhost file for that domain and another vhost file (possibly for “default”).
Which may require you to direct the LE to the specific webroot for the domain.
try:
sudo letsencrypt --webroot /local/path/to/site/files

You are absolutely correct. facepalm… I recently migrated my website to my new server and my daily driver is now my old server…I was trying to renew the cert on the wrong server.

Just to be clear, the approach that @rg305 proposed uses a completely different validation method (even on a different TCP port) and also does not use an installer, so it wouldn’t be able to restart the web server for you. It may be more likely to work on some systems that encounter this problem, but it’s not a drop-in replacement to perform the same task!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.