0
I am trying in install a certificate on an ubuntu 16.04 system running apache.
super@fulton:~$ sudo certbot --apache Saving debug log to /var/log/letsencrypt/letsencrypt.log Which names would you like to activate HTTPS for? ------------------------------------------------------------------------------- 1: fulton.geek.nz ------------------------------------------------------------------------------- Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel): Obtaining a new certificate Performing the following challenges: tls-sni-01 challenge for fulton.geek.nz Waiting for verification... Cleaning up challenges Failed authorization procedure. fulton.geek.nz (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested dee657b32542a5344ac78e1c213268c6.7a4ba1bb64bebec8e35cb74fa42693a6.acme.invalid from 114.23.222.208:443. Received 1 certificate(s), first certificate had names "fulton.geek.nz" IMPORTANT NOTES: - The following errors were reported by the server: Domain: fulton.geek.nz Type: unauthorized Detail: Incorrect validation certificate for tls-sni-01 challenge. Requested dee657b32542a5344ac78e1c213268c6.7a4ba1bb64bebec8e35cb74fa42693a6.acme.invalid from 114.23.222.208:443. Received 1 certificate(s), first certificate had names "fulton.geek.nz" To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
What appears to be happening is that letencrypt challenge is getting the default snakeoil cert back rather that whatever it expects. I know it is getting the snakeoil cert because I replaced it with one with a different dn and the reported name changed.
Any ideas how to figure out what is wrong?