Unauthorized error when renewing


#1

Getting the following error when I try to renew:

root@65shelbycobra:/home/ubuntu/Downloads/letsencrypt# ./letsencrypt-auto certonly --apache --renew-by-default --email hackerace@gmail.com --agree-tos -d 65shelbycobra.com
Checking for new version…
Requesting root privileges to run letsencrypt…
/root/.local/share/letsencrypt/bin/letsencrypt certonly --apache --renew-by-default --email hackerace@gmail.com --agree-tos -d 65shelbycobra.com
Failed authorization procedure. 65shelbycobra.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Correct zName not found for TLS SNI challenge. Found ‘65shelbycobra.com

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: 65shelbycobra.com
    Type: unauthorized
    Detail: Correct zName not found for TLS SNI challenge. Found
    65shelbycobra.com

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address.

The command I am executing is:

./letsencrypt-auto certonly --apache --renew-by-default --email hackerace@gmail.com --agree-tos -d 65shelbycobra.com


#2

root@65shelbycobra:/home/ubuntu/Downloads/letsencrypt# dig 65shelbycobra.com

; <<>> DiG 9.9.5-3ubuntu0.7-Ubuntu <<>> 65shelbycobra.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28522
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;65shelbycobra.com. IN A

;; ANSWER SECTION:
65shelbycobra.com. 126 IN A 54.69.159.101

;; Query time: 0 msec
;; SERVER: 172.31.0.2#53(172.31.0.2)
;; WHEN: Thu Mar 03 19:50:11 UTC 2016
;; MSG SIZE rcvd: 62


#3

Normally, the Apache plugin will change the current certificate in place for said VirtualHost with a temporary self-signed certificate containing a piece of the challenge…

Apparently, something is going wrong…

Is there a reason why you’re using certonly? And could you run the client with the -vv switch for extra debugging info?


#4

2016-03-05 18:59:15,425:DEBUG:root:Requesting fresh nonce
2016-03-05 18:59:15,430:DEBUG:root:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {}
2016-03-05 18:59:15,437:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-03-05 18:59:15,562:DEBUG:requests.packages.urllib3.connectionpool:“HEAD /acme/new-authz HTTP/1.1” 405 0
2016-03-05 18:59:15,571:DEBUG:root:Received <Response [405]>. Headers: {‘Content-Length’: ‘78’, ‘Pragma’: ‘no-cache’, ‘Expires’: ‘Sat, 05 Mar 2016 18:59:25 GMT’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Allow’: ‘POST’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Sat, 05 Mar 2016 18:59:25 GMT’, ‘Content-Type’: ‘application/problem+json’, ‘Replay-Nonce’: ‘igACyGCtpTkBq6cDSLwFAPkwpqV2dDNd6I1RjwKzIKI’}. Content: ‘‘
2016-03-05 18:59:15,577:DEBUG:acme.client:Storing nonce: ‘\x8a\x00\x02\xc8`\xad\xa59\x01\xab\xa7\x03H\xbc\x05\x00\xf90\xa6\xa5vt3]\xe8\x8dQ\x8f\x02\xb3 \xa2’
2016-03-05 18:59:15,582:DEBUG:acme.jose.json_util:Omitted empty fields: expires=None, challenges=None, status=None, combinations=None
2016-03-05 18:59:15,588:DEBUG:acme.client:Serialized JSON: {“identifier”: {“type”: “dns”, “value”: “65shelbycobra.com”}, “resource”: “new-authz”}
2016-03-05 18:59:15,594:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), kid=None, jwk=None, x5t=None, x5tS256=None, cty=None, x5u=None, typ=None, alg=None, jku=None
2016-03-05 18:59:15,602:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), kid=None, nonce=None, x5tS256=None, cty=None, x5t=None, x5u=None, typ=None, jku=None
2016-03-05 18:59:15,607:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {‘data’: ‘{“header”: {“alg”: “RS256”, “jwk”: {“e”: “AQAB”, “kty”: “RSA”, “n”: “tNCAEMXXfZet2f_903yPoqwDx8F0_CAlMJcGACpfEUvu5uZrz4An_yWoPlbvUdnL0fSKCw9YmpP9E4TQODSpt5b_sYtTV8t26fPXMXz-9-BY9mRcWl7jd_XdON7doEN5p5SKFMeScv-hzk6NoZQ7cUDrPw5aVDDtVj3oT1yDmFxXzlLBBYejAsD2GSwIRLrWUPyKBZ7YVJeDGff6N3R5yguyTjg0zfJfj_MlU0UJUz3S1aD926WByiR49-YtfLJNV5NZVImpOju-sd6D1RjbqJnLXpcjINroYZCOhMY8Y6PN7S9EAapv3rXZ0rYIJZdsD99YYDJGTkJlrMGSMFj-Pw”}}, “protected”: “eyJub25jZSI6ICJpZ0FDeUdDdHBUa0JxNmNEU0x3RkFQa3dwcVYyZEROZDZJMVJqd0t6SUtJIn0”, “payload”: “eyJpZGVudGlmaWVyIjogeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICI2NXNoZWxieWNvYnJhLmNvbSJ9LCAicmVzb3VyY2UiOiAibmV3LWF1dGh6In0”, “signature”: “R1fl0zpgFnYzLRt3-XKoTjNSWPdamjkzbpqh9aKjvuhSau_P0BRChF79z5FDnGOND2zkgwcEMhlMXfljc4qN8bhWCxptNYr13amgJaMNufYAOSzGjECu5lLJCqm8_FC03Eg80Hd6cBfPOsN4uSP3OnBgAwYWaHtBuxz9A3EC7NiqEighsjL4_z8iql6X2ZRhyneVITDetsdqHJoJlq2P6tVIbas_fcgvoAr-uVcYcE76EBsAXDjrJlm3tKXZO9LIWFaz4UG6r2rIgSwLAIBssTzKXhpuSI4Xqq2N11z0qmYahjo1vIrV0p0DXhbB_7iwXz_KEHCzzw9F-EPK9HyKsw”}’}
2016-03-05 18:59:15,614:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-03-05 18:59:16,150:DEBUG:requests.packages.urllib3.connectionpool:“POST /acme/new-authz HTTP/1.1” 201 780
2016-03-05 18:59:16,159:DEBUG:root:Received <Response [201]>. Headers: {‘Content-Length’: ‘780’, ‘Expires’: ‘Sat, 05 Mar 2016 18:59:26 GMT’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/new-cert;rel=“next”’, ‘Location’: ‘https://acme-v01.api.letsencrypt.org/acme/authz/O_aRdN-kk0a39qrVStnYxMj1rYzE1CfFzaQUEGnfPOg’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Sat, 05 Mar 2016 18:59:26 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘SbhalQzoHF6RDG0IhIcM0K_0JRonKw7POQSPD4pEHYI’}. Content: ‘{“identifier”:{“type”:“dns”,“value”:“65shelbycobra.com”},“status”:“pending”,“expires”:“2016-03-12T18:59:26.209382156Z”,“challenges”:[{“type”:“http-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/O_aRdN-kk0a39qrVStnYxMj1rYzE1CfFzaQUEGnfPOg/23344401",“token”:“o-L4Ptk41U6nkjSMgd12nKMgdV60CVE2Dwg_hzZfbtU”},{“type”:“tls-sni-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/O_aRdN-kk0a39qrVStnYxMj1rYzE1CfFzaQUEGnfPOg/23344402”,“token”:“bfYcrD9x6k8Yl-JHzIJmIzVNqr2MY7bmzE8cpPICsYc”},{“type”:“dns-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/O_aRdN-kk0a39qrVStnYxMj1rYzE1CfFzaQUEGnfPOg/23344403”,“token”:“rkMJRojPpQ6Rwj6utPTA5x09kF0R0Q1XdqV35CRoBPY”}],"combinations”:[[1],[2],[0]]}‘
2016-03-05 18:59:16,165:DEBUG:acme.client:Storing nonce: "I\xb8Z\x95\x0c\xe8\x1c^\x91\x0cm\x08\x84\x87\x0c\xd0\xaf\xf4%\x1a’+\x0e\xcf9\x04\x8f\x0f\x8aD\x1d\x82"
2016-03-05 18:59:16,170:DEBUG:acme.client:Received response <Response [201]> (headers: {‘Content-Length’: ‘780’, ‘Expires’: ‘Sat, 05 Mar 2016 18:59:26 GMT’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/new-cert;rel=“next”’, ‘Location’: ‘https://acme-v01.api.letsencrypt.org/acme/authz/O_aRdN-kk0a39qrVStnYxMj1rYzE1CfFzaQUEGnfPOg’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Sat, 05 Mar 2016 18:59:26 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘SbhalQzoHF6RDG0IhIcM0K_0JRonKw7POQSPD4pEHYI’}): ‘{“identifier”:{“type”:“dns”,“value”:“65shelbycobra.com”},“status”:“pending”,“expires”:“2016-03-12T18:59:26.209382156Z”,“challenges”:[{“type”:“http-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/O_aRdN-kk0a39qrVStnYxMj1rYzE1CfFzaQUEGnfPOg/23344401",“token”:“o-L4Ptk41U6nkjSMgd12nKMgdV60CVE2Dwg_hzZfbtU”},{“type”:“tls-sni-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/O_aRdN-kk0a39qrVStnYxMj1rYzE1CfFzaQUEGnfPOg/23344402”,“token”:“bfYcrD9x6k8Yl-JHzIJmIzVNqr2MY7bmzE8cpPICsYc”},{“type”:“dns-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/O_aRdN-kk0a39qrVStnYxMj1rYzE1CfFzaQUEGnfPOg/23344403”,“token”:“rkMJRojPpQ6Rwj6utPTA5x09kF0R0Q1XdqV35CRoBPY”}],"combinations”:[[1],[2],[0]]}‘
2016-03-05 18:59:16,177:DEBUG:acme.challenges:dns-01 was not recognized, full message: {u’status’: u’pending’, u’token’: u’rkMJRojPpQ6Rwj6utPTA5x09kF0R0Q1XdqV35CRoBPY’, u’type’: u’dns-01’, u’uri’: u’https://acme-v01.api.letsencrypt.org/acme/challenge/O_aRdN-kk0a39qrVStnYxMj1rYzE1CfFzaQUEGnfPOg/23344403’}
2016-03-05 18:59:16,183:INFO:letsencrypt.auth_handler:Performing the following challenges:
2016-03-05 18:59:16,188:INFO:letsencrypt.auth_handler:tls-sni-01 challenge for 65shelbycobra.com
2016-03-05 18:59:16,404:DEBUG:letsencrypt_apache.tls_sni_01:Adding Include /etc/apache2/le_tls_sni_01_cert_challenge.conf to /files/etc/apache2/apache2.conf
2016-03-05 18:59:16,411:DEBUG:letsencrypt_apache.tls_sni_01:writing a config file with text:

<VirtualHost 54.200.36.86:443>
ServerName 62f56e488e351dcb96c35a94a522d996.f1f9c7959ec769315baa7b66f79b80da.acme.invalid
UseCanonicalName on
SSLStrictSNIVHostCheck on

LimitRequestBody 1048576

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /var/lib/letsencrypt/bfYcrD9x6k8Yl-JHzIJmIzVNqr2MY7bmzE8cpPICsYc.crt
SSLCertificateKeyFile /var/lib/letsencrypt/bfYcrD9x6k8Yl-JHzIJmIzVNqr2MY7bmzE8cpPICsYc.pem

DocumentRoot /var/lib/letsencrypt/tls_sni_01_page/

2016-03-05 18:59:16,450:DEBUG:letsencrypt.reverter:Creating backup of /etc/apache2/apache2.conf
2016-03-05 18:59:19,584:INFO:letsencrypt.auth_handler:Waiting for verification…
2016-03-05 18:59:19,590:DEBUG:acme.client:Serialized JSON: {“keyAuthorization”: “bfYcrD9x6k8Yl-JHzIJmIzVNqr2MY7bmzE8cpPICsYc.PBv6WIGhCEgLSAm7Pi6-CGJXWShGdIix143kA5df1MA”, “type”: “tls-sni-01”, “resource”: “challenge”}
2016-03-05 18:59:19,596:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), kid=None, jwk=None, x5t=None, x5tS256=None, cty=None, x5u=None, typ=None, alg=None, jku=None
2016-03-05 18:59:19,604:DEBUG:acme.jose.json_util:Omitted empty fields: x5c=(), crit=(), kid=None, nonce=None, x5tS256=None, cty=None, x5t=None, x5u=None, typ=None, jku=None
2016-03-05 18:59:19,609:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/O_aRdN-kk0a39qrVStnYxMj1rYzE1CfFzaQUEGnfPOg/23344402. args: (), kwargs: {‘data’: ‘{“header”: {“alg”: “RS256”, “jwk”: {“e”: “AQAB”, “kty”: “RSA”, “n”: “tNCAEMXXfZet2f_903yPoqwDx8F0_CAlMJcGACpfEUvu5uZrz4An_yWoPlbvUdnL0fSKCw9YmpP9E4TQODSpt5b_sYtTV8t26fPXMXz-9-BY9mRcWl7jd_XdON7doEN5p5SKFMeScv-hzk6NoZQ7cUDrPw5aVDDtVj3oT1yDmFxXzlLBBYejAsD2GSwIRLrWUPyKBZ7YVJeDGff6N3R5yguyTjg0zfJfj_MlU0UJUz3S1aD926WByiR49-YtfLJNV5NZVImpOju-sd6D1RjbqJnLXpcjINroYZCOhMY8Y6PN7S9EAapv3rXZ0rYIJZdsD99YYDJGTkJlrMGSMFj-Pw”}}, “protected”: “eyJub25jZSI6ICJTYmhhbFF6b0hGNlJERzBJaEljTTBLXzBKUm9uS3c3UE9RU1BENHBFSFlJIn0”, “payload”: “eyJrZXlBdXRob3JpemF0aW9uIjogImJmWWNyRDl4Nms4WWwtSkh6SUptSXpWTnFyMk1ZN2JtekU4Y3BQSUNzWWMuUEJ2NldJR2hDRWdMU0FtN1BpNi1DR0pYV1NoR2RJaXgxNDNrQTVkZjFNQSIsICJ0eXBlIjogInRscy1zbmktMDEiLCAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIn0”, “signature”: “dIeoR_nnffYmhNLejucJn4nwJpb33kB1okSAMvzRw6ObQImurXe8bsNTe-pabxE4INfZ8fCeXlhhSOuZCAcSljbTk-BnObaNuZDJBsj4w73O3Mq2uEvAPf-hQYkQSvk_KrX5cAhJOcKh5zB_zO_eY-P_HvL2CXyMPocTwIdcBYi-y66NGuur9OV-rPXLjCW714s4fW5WsJY3cZeRwB7ZNrb8F_QVdF3mDGcJOvtiMpCQSRBa5occW31DB7VRig8odtIHUGJPUqU5frUOb43bAsL9pghb0ulKpN4SQK8FYvU1QtoOW5XtSZbVjqCbrapTRjgWT6yCrjMrutQh4TKmow”}’}
2016-03-05 18:59:19,616:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-03-05 18:59:20,180:DEBUG:requests.packages.urllib3.connectionpool:“POST /acme/challenge/O_aRdN-kk0a39qrVStnYxMj1rYzE1CfFzaQUEGnfPOg/23344402 HTTP/1.1” 202 316
2016-03-05 18:59:20,189:DEBUG:root:Received <Response [202]>. Headers: {‘Content-Length’: ‘316’, ‘Expires’: ‘Sat, 05 Mar 2016 18:59:30 GMT’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/authz/O_aRdN-kk0a39qrVStnYxMj1rYzE1CfFzaQUEGnfPOg;rel=“up”’, ‘Location’: ‘https://acme-v01.api.letsencrypt.org/acme/challenge/O_aRdN-kk0a39qrVStnYxMj1rYzE1CfFzaQUEGnfPOg/23344402’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Sat, 05 Mar 2016 18:59:30 GMT’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘Ww_Lg3_yKwCGS3sfem6EVArzA4ers4MypnIKkgGKwjA’}. Content: '{“type”:“tls-sni-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/O_aRdN-kk0a39qrVStnYxMj1rYzE1CfFzaQUEGnfPOg/23344402",“token”:“bfYcrD9x6k8Yl-JHzIJmIzVNqr2MY7bmzE8cpPICsYc”,“keyAuthorization”:"bfYcrD9x6k8Yl-JHzIJmIzVNqr2MY7bmzE8cpPICsYc.PBv6WIGhCEgLSAm7Pi6-CGJXWShGdIix143kA5df1MA”}‘
2016-03-05 18:59:20,196:DEBUG:acme.client:Storing nonce: ‘[\x0f\xcb\x83\x7f\xf2+\x00\x86K{\x1fzn\x84T\n\xf3\x03\x87\xab\xb3\x832\xa6r\n\x92\x01\x8a\xc20’
2016-03-05 18:59:20,201:DEBUG:acme.client:Received response <Response [202]> (headers: {‘Content-Length’: ‘316’, ‘Expires’: ‘Sat, 05 Mar 2016 18:59:30 GMT’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/authz/O_aRdN-kk0a39qrVStnYxMj1rYzE1CfFzaQUEGnfPOg;rel=“up”’, ‘Location’: ‘https://acme-v01.api.letsencrypt.org/acme/challenge/O_aRdN-kk0a39qrVStnYxMj1rYzE1CfFzaQUEGnfPOg/23344402’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Sat, 05 Mar 2016 18:59:30 GMT’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘Ww_Lg3_yKwCGS3sfem6EVArzA4ers4MypnIKkgGKwjA’}): ‘{“type”:“tls-sni-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/O_aRdN-kk0a39qrVStnYxMj1rYzE1CfFzaQUEGnfPOg/23344402",“token”:“bfYcrD9x6k8Yl-JHzIJmIzVNqr2MY7bmzE8cpPICsYc”,“keyAuthorization”:"bfYcrD9x6k8Yl-JHzIJmIzVNqr2MY7bmzE8cpPICsYc.PBv6WIGhCEgLSAm7Pi6-CGJXWShGdIix143kA5df1MA”}‘
2016-03-05 18:59:23,211:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/O_aRdN-kk0a39qrVStnYxMj1rYzE1CfFzaQUEGnfPOg. args: (), kwargs: {}
2016-03-05 18:59:23,219:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-03-05 18:59:23,517:DEBUG:requests.packages.urllib3.connectionpool:“GET /acme/authz/O_aRdN-kk0a39qrVStnYxMj1rYzE1CfFzaQUEGnfPOg HTTP/1.1” 200 1145
2016-03-05 18:59:23,526:DEBUG:root:Received <Response [200]>. Headers: {‘Content-Length’: ‘1145’, ‘Expires’: ‘Sat, 05 Mar 2016 18:59:33 GMT’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/new-cert;rel=“next”’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Sat, 05 Mar 2016 18:59:33 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘SOFOnKtqDyul_NdPMVGIXrK7tMsZSx9GJ-33-8r7Huk’}. Content: ‘{“identifier”:{“type”:“dns”,“value”:“65shelbycobra.com”},“status”:“invalid”,“expires”:“2016-03-12T18:59:26Z”,“challenges”:[{“type”:“http-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/O_aRdN-kk0a39qrVStnYxMj1rYzE1CfFzaQUEGnfPOg/23344401",“token”:“o-L4Ptk41U6nkjSMgd12nKMgdV60CVE2Dwg_hzZfbtU”},{“type”:“tls-sni-01”,“status”:“invalid”,“error”:{“type”:“urn:acme:error:unauthorized”,“detail”:"Correct zName not found for TLS SNI challenge. Found ‘65shelbycobra.com’”},“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/O_aRdN-kk0a39qrVStnYxMj1rYzE1CfFzaQUEGnfPOg/23344402",“token”:“bfYcrD9x6k8Yl-JHzIJmIzVNqr2MY7bmzE8cpPICsYc”,“keyAuthorization”:“bfYcrD9x6k8Yl-JHzIJmIzVNqr2MY7bmzE8cpPICsYc.PBv6WIGhCEgLSAm7Pi6-CGJXWShGdIix143kA5df1MA”,“validationRecord”:[{“hostname”:“65shelbycobra.com”,“port”:“443”,“addressesResolved”:[“54.69.159.101”],“addressUsed”:“54.69.159.101”}]},{“type”:“dns-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/O_aRdN-kk0a39qrVStnYxMj1rYzE1CfFzaQUEGnfPOg/23344403”,“token”:“rkMJRojPpQ6Rwj6utPTA5x09kF0R0Q1XdqV35CRoBPY”}],"combinations”:[[1],[2],[0]]}‘
2016-03-05 18:59:23,533:DEBUG:acme.client:Received response <Response [200]> (headers: {‘Content-Length’: ‘1145’, ‘Expires’: ‘Sat, 05 Mar 2016 18:59:33 GMT’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/new-cert;rel=“next”’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Sat, 05 Mar 2016 18:59:33 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘SOFOnKtqDyul_NdPMVGIXrK7tMsZSx9GJ-33-8r7Huk’}): ‘{“identifier”:{“type”:“dns”,“value”:“65shelbycobra.com”},“status”:“invalid”,“expires”:“2016-03-12T18:59:26Z”,“challenges”:[{“type”:“http-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/O_aRdN-kk0a39qrVStnYxMj1rYzE1CfFzaQUEGnfPOg/23344401",“token”:“o-L4Ptk41U6nkjSMgd12nKMgdV60CVE2Dwg_hzZfbtU”},{“type”:“tls-sni-01”,“status”:“invalid”,“error”:{“type”:“urn:acme:error:unauthorized”,“detail”:"Correct zName not found for TLS SNI challenge. Found ‘65shelbycobra.com’”},“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/O_aRdN-kk0a39qrVStnYxMj1rYzE1CfFzaQUEGnfPOg/23344402",“token”:“bfYcrD9x6k8Yl-JHzIJmIzVNqr2MY7bmzE8cpPICsYc”,“keyAuthorization”:“bfYcrD9x6k8Yl-JHzIJmIzVNqr2MY7bmzE8cpPICsYc.PBv6WIGhCEgLSAm7Pi6-CGJXWShGdIix143kA5df1MA”,“validationRecord”:[{“hostname”:“65shelbycobra.com”,“port”:“443”,“addressesResolved”:[“54.69.159.101”],“addressUsed”:“54.69.159.101”}]},{“type”:“dns-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/O_aRdN-kk0a39qrVStnYxMj1rYzE1CfFzaQUEGnfPOg/23344403”,“token”:“rkMJRojPpQ6Rwj6utPTA5x09kF0R0Q1XdqV35CRoBPY”}],"combinations”:[[1],[2],[0]]}‘
2016-03-05 18:59:23,539:DEBUG:acme.challenges:dns-01 was not recognized, full message: {u’status’: u’pending’, u’token’: u’rkMJRojPpQ6Rwj6utPTA5x09kF0R0Q1XdqV35CRoBPY’, u’type’: u’dns-01’, u’uri’: u’https://acme-v01.api.letsencrypt.org/acme/challenge/O_aRdN-kk0a39qrVStnYxMj1rYzE1CfFzaQUEGnfPOg/23344403’}
2016-03-05 18:59:23,545:INFO:letsencrypt.reporter:Reporting to user: The following errors were reported by the server:


#5

Domain: 65shelbycobra.com
Type: unauthorized
Detail: Correct zName not found for TLS SNI challenge. Found ‘65shelbycobra.com

To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address.
2016-03-05 18:59:23,551:INFO:letsencrypt.auth_handler:Cleaning up challenges
2016-03-05 18:59:23,747:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
File “/root/.local/share/letsencrypt/bin/letsencrypt”, line 11, in
sys.exit(main())
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py”, line 1993, in main
return config.func(config, plugins)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py”, line 663, in run
lineage, action = _auth_from_domains(le_client, config, domains)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py”, line 458, in _auth_from_domains
new_certr, new_chain, new_key, _ = le_client.obtain_certificate(domains)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py”, line 252, in obtain_certificate
return self.obtain_certificate_from_csr(domains, csr) + (key, csr)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py”, line 225, in obtain_certificate_from_csr
authzr = self.auth_handler.get_authorizations(domains)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py”, line 84, in get_authorizations
self._respond(cont_resp, dv_resp, best_effort)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py”, line 142, in _respond
self._poll_challenges(chall_update, best_effort)
File “/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py”, line 204, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. 65shelbycobra.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Correct zName not found for TLS SNI challenge. Found ‘65shelbycobra.com

root@65shelbycobra:/var/log/letsencrypt# rm *
root@65shelbycobra:/var/log/letsencrypt# cd /home/ubuntu/Downloads/letsencrypt/
root@65shelbycobra:/home/ubuntu/Downloads/letsencrypt# 2016-03-05 18:59:23,526:DEBUG:root:Received <Response [200]>. Headers: {‘Content-Length’: ‘1145’, ‘Expires’: 'Sat, 05 Mar 2016 18:59:33 17:DEBUG:requests.packages.urllib3.connectionpool:"GET /acmeroot@65shelbycobra:/home/ubuntu/Downloads/letsencrypt# echo ./letsencrypt-auto -vv --apache --renew-by-default --email hackerace@gmail.com --agree-tos -d 65shelbycobra.com
./letsencrypt-auto -vv --apache --renew-by-default --email hackerace@gmail.com --agree-tos -d 65shelbycobra.com
root@65shelbycobra:/home/ubuntu/Downloads/letsencrypt# echo ./letsencrypt-auto -vv --apache --renew-by-default --email hackerace@gmail.com --agree-tos -d 65shelbycobra.com > letsencryptrenewstring.txt
root@65shelbycobra:/home/ubuntu/Downloads/letsencrypt# ./letsencrypt-auto -vv --apache --renew-by-default --email hackerace@gmail.com --agree-tos -d 65shelbycobra.com > letsencryptrenewstring.txt
Failed authorization procedure. 65shelbycobra.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Correct zName not found for TLS SNI challenge. Found ‘65shelbycobra.com
root@65shelbycobra:/home/ubuntu/Downloads/letsencrypt# cd /var/log/letsencrypt/
root@65shelbycobra:/var/log/letsencrypt# ls
letsencrypt.log letsencrypt.log.1
root@65shelbycobra:/var/log/letsencrypt# ls -l
total 24
-rw-r–r-- 1 root root 24013 Mar 5 19:06 letsencrypt.log
-rw-r–r-- 1 root root 0 Mar 5 19:06 letsencrypt.log.1
root@65shelbycobra:/var/log/letsencrypt# vi letsencrypt.log
root@65shelbycobra:/var/log/letsencrypt# vi letsencrypt.log
root@65shelbycobra:/var/log/letsencrypt# rm *
root@65shelbycobra:/var/log/letsencrypt# /home/ubuntu/Download/letsencrypt/letsencrypt-auto -vv --apache --renew-by-default --email hackerace@gmail.com --agree-tos -d 65shelbycobra.com > letsencryptrenewstring.txt
bash: /home/ubuntu/Download/letsencrypt/letsencrypt-auto: No such file or directory
root@65shelbycobra:/var/log/letsencrypt# /home/ubuntu/Downloads/letsencrypt/letsencrypt-auto -vv --apache --renew-by-default --email hackerace@gmail.com --agree-tos -d 65shelbycobra.com > letsencryptrenewstring.txt
Failed authorization procedure. 65shelbycobra.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Correct zName not found for TLS SNI challenge. Found ‘65shelbycobra.com
root@65shelbycobra:/var/log/letsencrypt# vi letsencrypt.log
2016-03-05 19:08:56,639:DEBUG:letsencrypt.cli:Root logging level set at 10
2016-03-05 19:08:56,643:INFO:letsencrypt.cli:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2016-03-05 19:08:56,646:DEBUG:letsencrypt.cli:letsencrypt version: 0.4.2
2016-03-05 19:08:56,650:DEBUG:letsencrypt.cli:Arguments: [’-vv’, ‘–apache’, ‘–renew-by-default’, ‘–email’, ‘hackerace@gmail.com’, ‘–agree-tos’, ‘-d’, ‘65shelbycobra.com’]
2016-03-05 19:08:56,653:DEBUG:letsencrypt.cli:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2016-03-05 19:08:56,660:DEBUG:letsencrypt.cli:Requested authenticator apache and installer apache
2016-03-05 19:08:57,061:DEBUG:letsencrypt.display.ops:Single candidate plugin: * apache
Description: Apache Web Server - Alpha
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = letsencrypt_apache.configurator:ApacheConfigurator
Initialized: <letsencrypt_apache.configurator.ApacheConfigurator object at 0x7fd470b3b610>
Prep: True
2016-03-05 19:08:57,066:DEBUG:letsencrypt.cli:Selected authenticator <letsencrypt_apache.configurator.ApacheConfigurator object at 0x7fd470b3b610> and installer <letsencrypt_apache.configurator.ApacheConfigurator object at 0x7fd470b3b610>
2016-03-05 19:08:57,086:DEBUG:letsencrypt.cli:Picked account: <Account(1ab5f81ea4a3c41a9ffa5421ed08ee4e)>
2016-03-05 19:08:57,091:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
2016-03-05 19:08:57,100:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-03-05 19:08:57,293:DEBUG:requests.packages.urllib3.connectionpool:“GET /directory HTTP/1.1” 200 263
2016-03-05 19:08:57,301:DEBUG:root:Received <Response [200]>. Headers: {‘Content-Length’: ‘263’, ‘Expires’: ‘Sat, 05 Mar 2016 19:09:07 GMT’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Sat, 05 Mar 2016 19:09:07 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘9WCaLcCikp-aV_t8PATDiIYwGFDo2qys2V4sLZs0cmY’}. Content: '{“new-authz”:“https://acme-v01.api.letsencrypt.org/acme/new-authz",“new-cert”:“https://acme-v01.api.letsencrypt.org/acme/new-cert”,“new-reg”:“https://acme-v01.api.letsencrypt.org/acme/new-reg”,“revoke-cert”:"https://acme-v01.api.letsencrypt.org/acme/revoke-cert”}'
2016-03-05 19:08:57,306:DEBUG:acme.client:Received response <Response [200]> (headers: {‘Content-Length’: ‘263’, ‘Expires’: ‘Sat, 05 Mar 2016 19:09:07 GMT’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Sat, 05 Mar 2016 19:09:07 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘9WCaLcCikp-aV_t8PATDiIYwGFDo2qys2V4sLZs0cmY’}): '{“new-authz”:“https://acme-v01.api.letsencrypt.org/acme/new-authz",“new-cert”:“https://acme-v01.api.letsencrypt.org/acme/new-cert”,“new-reg”:“https://acme-v01.api.letsencrypt.org/acme/new-reg”,“revoke-cert”:"https://acme-v01.api.letsencrypt.org/acme/revoke-cert”}'
2016-03-05 19:08:57,314:INFO:letsencrypt.cli:Auto-renewal forced with --force-renewal…
2016-03-05 19:08:57,461:INFO:letsencrypt.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0014_key-letsencrypt.pem
2016-03-05 19:08:57,469:INFO:letsencrypt.crypto_util:Creating CSR: /etc/letsencrypt/csr/0014_csr-letsencrypt.pem
@ @ @ @ @ @