My best guess is that this issuance process assumes that the associated host given in the -d blah.blah.com param is a domain-level name (and has many hosts under it).
The way I ran it:
./letsencrypt-auto certonly --test-cert --standalone blah.blah.com
How can I get rid of the TLS SNI challenge? (I love TLS btw, with all the DROWN that’s going on… please don’t BASH me as I don’t have a clue about DROWN’s details.)
My scenario really is just that I want to issue a strange certificate for a non-standard name (no www. part) in the Common Name part of the cert. So, I take it that the only requirements are forward and reverse, and that client connections to the IP/name-host are connectable (yes, I tested that many times). Because I am not in direct control over the DNS records, is it possible to bypass any dig result “AUTHORITY: 0” error (wild guess that this TLS SNI challenge may have to do with that)?
Please assist in any way you can (also, I am interested in using letsencrypt-aws, but I am/want to pretend I’m a python newbie; I git-cloned it but cannot get it to run). And/but I know the exact path to a non-standard nginx setup/path to install the pem files and know exactly what config file to change. All I really need is that pair of .pem(s) …
Please help, anyone (letsencrypt staff).
(tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Correct zName not found for TLS SNI challenge. Found ‘’
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: ***.***.com
Type: unauthorized
Detail: Correct zName not found for TLS SNI challenge. Found ‘’
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
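What the error above is reporting, as an added example that is not part of the original post or of the Let's Encrypt client: in tls-sni-01 the CA connects to port 443 on the IP from the A record, sends a derived `.acme.invalid` name as SNI, and looks for that name among the names in the certificate it gets back. The token, thumbprint and served names below are constructed sample values, and `validate` is a hypothetical helper that only mirrors the wording of the message.

```python
import hashlib


def tls_sni_01_zname(token: str, account_thumbprint: str) -> str:
    """Derive the name the validator expects in the challenge certificate."""
    key_authorization = f"{token}.{account_thumbprint}"
    z = hashlib.sha256(key_authorization.encode("ascii")).hexdigest()
    # The 64 hex characters are split into two DNS labels under acme.invalid.
    return f"{z[:32]}.{z[32:]}.acme.invalid"


def validate(expected_zname: str, served_names: list) -> str:
    """Hypothetical stand-in for the CA-side check on the served certificate."""
    names = [n.lower() for n in served_names]
    if expected_zname in names:
        return "valid"
    return ("Correct zName not found for TLS SNI challenge. Found '%s'"
            % ", ".join(names))


# Constructed sample values, not taken from any real account or order.
TOKEN = "constructed-token-0001"
THUMBPRINT = "constructed-thumbprint-0001"


def scenarios() -> dict:
    zname = tls_sni_01_zname(TOKEN, THUMBPRINT)
    return {
        # The standalone client answered on 443 with its challenge certificate.
        "standalone client reached": validate(zname, [zname]),
        # Something else answered on 443 with a certificate carrying no names.
        "other server, no names": validate(zname, []),
        # An existing web server answered with its ordinary certificate.
        "existing web server": validate(zname, ["www.example.com"]),
    }


if __name__ == "__main__":
    for case, result in scenarios().items():
        print(f"{case}: {result}")
```

An empty `Found ''` therefore points at whichever service answered on port 443 at the resolved address, so the things to check are that the A record targets the machine running the client and that nothing else (a load balancer, proxy or existing web server) terminates TLS in front of it.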