Unable to install new/additional certificates

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: screamfreely.org

I ran this command: certbot --nginx -d screamfreely.org -d www.screamfreely.org

It produced this output:

Cleaning up challenges
2018/02/14 13:22:57 [notice] 31221#31221: signal process started
Failed authorization procedure. screamfreely.org (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested e0150b6cbb6acee21427da9a137988ca.7820065cd789be9d817bfa9130388018.acme.invalid from [2600:3c00::f03c:91ff:febb:adc4]:443. Received 2 certificate(s), first certificate had names "api.mnactivist.org, mnactivist.org, www.mnactivist.org", www.screamfreely.org (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 867237698a1a1ddac87fb8c1319998de.d150fe36bcd7ad2fb04083d40ccc40be.acme.invalid from [2600:3c00::f03c:91ff:febb:adc4]:443. Received 2 certificate(s), first certificate had names "api.mnactivist.org, mnactivist.org, www.mnactivist.org"
 
IMPORTANT NOTES:
- The following errors were reported by the server:
 
   Domain: screamfreely.org
   Type:   unauthorized
   Detail: Incorrect validation certificate for tls-sni-01 challenge.
   Requested
   e0150b6cbb6acee21427da9a137988ca.7820065cd789be9d817bfa9130388018.acme.invalid
   from [2600:3c00::f03c:91ff:febb:adc4]:443. Received 2
   certificate(s), first certificate had names "api.mnactivist.org,
   mnactivist.org, www.mnactivist.org"
 
   Domain: www.screamfreely.org
   Type:   unauthorized
   Detail: Incorrect validation certificate for tls-sni-01 challenge.
   Requested
   867237698a1a1ddac87fb8c1319998de.d150fe36bcd7ad2fb04083d40ccc40be.acme.invalid
   from [2600:3c00::f03c:91ff:febb:adc4]:443. Received 2
   certificate(s), first certificate had names "api.mnactivist.org,
   mnactivist.org, www.mnactivist.org"
 
   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

When I run this command: certbot certonly --cert-name mnactivist.org -d api.mnactivist.org -d www.mnactivist.org -d screamfreely.org -d www.screamfreely.org -d mnactivist.org

For which I get the following response:

Performing the following challenges:
tls-sni-01 challenge for api.mnactivist.org
tls-sni-01 challenge for www.mnactivist.org
tls-sni-01 challenge for screamfreely.org
tls-sni-01 challenge for www.screamfreely.org
tls-sni-01 challenge for mnactivist.org
2018/02/14 13:23:24 [notice] 31337#31337: signal process started
Waiting for verification...
Cleaning up challenges
2018/02/14 13:23:29 [notice] 31413#31413: signal process started
Failed authorization procedure. screamfreely.org (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 5a1688e79d0db5338b99a6e843ba16bf.538d8b41d1a4de7f36ff4c9d4d863ffd.acme.invalid from [2600:3c00::f03c:91ff:febb:adc4]:443. Received 1 certificate(s), first certificate had names "16d4fe750dc0cb58f223ea38a4aef25d.da278aa5b5d8b910ad23ea4c3c48c853.acme.invalid, dummy", www.screamfreely.org (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested dd9a7602a4faf15fef40d7f4f15fc4d9.b2fa776135f9987a9bc14deec98a6b92.acme.invalid from [2600:3c00::f03c:91ff:febb:adc4]:443. Received 1 certificate(s), first certificate had names "16d4fe750dc0cb58f223ea38a4aef25d.da278aa5b5d8b910ad23ea4c3c48c853.acme.invalid, dummy"
 
IMPORTANT NOTES:
- The following errors were reported by the server:
 
   Domain: screamfreely.org
   Type:   unauthorized
   Detail: Incorrect validation certificate for tls-sni-01 challenge.
   Requested
   5a1688e79d0db5338b99a6e843ba16bf.538d8b41d1a4de7f36ff4c9d4d863ffd.acme.invalid
   from [2600:3c00::f03c:91ff:febb:adc4]:443. Received 1
   certificate(s), first certificate had names
   "16d4fe750dc0cb58f223ea38a4aef25d.da278aa5b5d8b910ad23ea4c3c48c853.acme.invalid,
   dummy"
 
   Domain: www.screamfreely.org
   Type:   unauthorized
   Detail: Incorrect validation certificate for tls-sni-01 challenge.
   Requested
   dd9a7602a4faf15fef40d7f4f15fc4d9.b2fa776135f9987a9bc14deec98a6b92.acme.invalid
   from [2600:3c00::f03c:91ff:febb:adc4]:443. Received 1
   certificate(s), first certificate had names
   "16d4fe750dc0cb58f223ea38a4aef25d.da278aa5b5d8b910ad23ea4c3c48c853.acme.invalid,
   dummy"
 
   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

I did use the following command: certbot certonly --webroot -d screamfreely.org -d www.screamfreely.org

This seemed to work – but upon visiting the site, throws an error and says the cert is assigned to api.mnactivist.org …?

I’m incredibly confused, and would appreciate any insight or direction available. Thank you.

My web server is (include version): nginx

The operating system my web server runs on is (include version): Arch Linux (fully up-to-date)

My hosting provider, if applicable, is: Linode

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Well, certbot certonly only obtains the certificate but doesn’t attempt to install it.

Since --webroot seems to be working, you might try:

certbot -a webroot -i nginx -d screamfreely.org -d www.screamfreely.org

to use the webroot authenticator together with the nginx installer.

Thank you! That worked!
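A triage helper for the certbot output quoted in this thread, added here as an example (it is not from the thread's participants or from certbot): for each failed tls-sni-01 validation it reports which address family the CA connected over and whether the server answered with another site's certificate or with a different challenge certificate. The function name `triage` and the field names are assumptions made for this example.

```python
import ipaddress
import re

# One tls-sni-01 failure in certbot's one-line "Failed authorization" summary.
FAILURE_RE = re.compile(
    r'(?P<domain>[\w.-]+) \(tls-sni-01\): .*?'
    r'Requested (?P<requested>\S+) from '
    r'(?P<addr>\[[0-9A-Fa-f:]+\]|[\d.]+):\d+\. '
    r'Received \d+ certificate\(s\), first certificate had names '
    r'"(?P<names>[^"]*)"'
)

def triage(output):
    """Return one finding per failed tls-sni-01 validation in `output`."""
    findings = []
    for m in FAILURE_RE.finditer(output):
        names = [n.strip() for n in m['names'].split(',')]
        # A *.acme.invalid name: a challenge certificate, but not the one
        # requested. Ordinary names: another site's certificate was served.
        challenge = any(n.endswith('.acme.invalid') for n in names)
        findings.append({
            'domain': m['domain'],
            'ip_version': ipaddress.ip_address(m['addr'].strip('[]')).version,
            'requested_found': m['requested'] in names,
            'served': ('other challenge certificate' if challenge
                       else "another site's certificate"),
            'names': names,
        })
    return findings

# Abridged from the two runs quoted in this thread (first failure of each;
# the "urn:acme:error..." text is shortened to "..." for this example).
RUN_NGINX = (
    'Failed authorization procedure. screamfreely.org (tls-sni-01): ... Requested '
    'e0150b6cbb6acee21427da9a137988ca.7820065cd789be9d817bfa9130388018.acme.invalid '
    'from [2600:3c00::f03c:91ff:febb:adc4]:443. Received 2 certificate(s), first '
    'certificate had names "api.mnactivist.org, mnactivist.org, www.mnactivist.org"'
)
RUN_CERTONLY = (
    'Failed authorization procedure. screamfreely.org (tls-sni-01): ... Requested '
    '5a1688e79d0db5338b99a6e843ba16bf.538d8b41d1a4de7f36ff4c9d4d863ffd.acme.invalid '
    'from [2600:3c00::f03c:91ff:febb:adc4]:443. Received 1 certificate(s), first '
    'certificate had names "16d4fe750dc0cb58f223ea38a4aef25d.'
    'da278aa5b5d8b910ad23ea4c3c48c853.acme.invalid, dummy"'
)

for finding in triage(RUN_NGINX) + triage(RUN_CERTONLY):
    print(finding)
```

On both runs the findings show the validation arriving over IPv6, so the nginx listener on that address is the one to inspect.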
