Hi,
I was unable to renew my certificates on a webserver. Removed them and tryed to create new ones. This fails with the following message:
Failed authorization procedure. odoo.ex-nihilo-paris.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 17b1dc0fff166e54361b527a012851e4.5cf4899048b6d55247147a2358a56424.acme.invalid from [2001:41d0:8:8ad3::]:443. Received 1 certificate(s), first certificate had names "odoo.ex-nihilo-paris.com"
Domain: odoo.ex-nihilo-paris.com
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
17b1dc0fff166e54361b527a012851e4.5cf4899048b6d55247147a2358a56424.acme.invalid
from [2001:41d0:8:8ad3::]:443. Received 1 certificate(s), first
certificate had names "odoo.ex-nihilo-paris.com"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
My domain is: odoo.ex-nihilo-paris.com
I ran this command: sudo certbot --nginx
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: odoo.ex-nihilo-paris.com
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):1
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for odoo.ex-nihilo-paris.com
Generating key (1024 bits): /var/lib/letsencrypt/snakeoil/0003_key.pem
/usr/lib/python2.7/dist-packages/OpenSSL/rand.py:58: UserWarning: implicit cast from 'char *' to a different pointer type: will be forbidden in the future (check that the types are as you expect; use an explicit ffi.cast() if they are correct)
result_code = _lib.RAND_bytes(result_buffer, num_bytes)
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. odoo.ex-nihilo-paris.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 17b1dc0fff166e54361b527a012851e4.5cf4899048b6d55247147a2358a56424.acme.invalid from [2001:41d0:8:8ad3::]:443. Received 1 certificate(s), first certificate had names "odoo.ex-nihilo-paris.com"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: odoo.ex-nihilo-paris.com
Type: unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge.
Requested
17b1dc0fff166e54361b527a012851e4.5cf4899048b6d55247147a2358a56424.acme.invalid
from [2001:41d0:8:8ad3::]:443. Received 1 certificate(s), first
certificate had names "odoo.ex-nihilo-paris.com"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
Checked the DNS configuration: correct.
$ dig odoo.ex-nihilo-paris.com A +short
5.39.72.211
dig odoo.ex-nihilo-paris.com AAAA +short
2001:41d0:8:8ad3::
Access to http://odoo.ex-nihilo-paris.com/.well-known/test.txt works fine on both a IPv4 computer and IPv6 computer.
My web server is (include version): nginx/1.6.2
The operating system my web server runs on is (include version): Debian 8 Jessie
(edited, was Ubuntu 16.04 by mistake)
My hosting provider, if applicable, is: OVH.com
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no