-
-
Notifications
You must be signed in to change notification settings - Fork 3.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
With multiple domains, key mismatch for snakeoil cert #923
Comments
I'm also getting this error. I invoked the client simply with "letsencrypt", having the nginx plugin installed, and selected multiple domains. Then I get this error:
And after that:
For a single domain, it also works for me. |
i've seen this issue on an ubuntu server with openssl 1.0.1f but moving the cert and key to a parabola server with openssl 1.0.2d worked correctly |
but i got the same error on ubuntu wily with openssl 1.0.2d |
I'm using Arch Linux, and have tried openssl 1.0.2d and 1.0.2e. |
well it may be a nginx error since the same cert loaded+worked fine with dovecot, postfix and prosody |
fails in debian jessie with libssl 1.0.1k and both nginx 1.6 from debian and nginx 1.8 from phusion passenger... |
@jsha these are not the snakeoil certs, could you edit the title? |
@fauno: Could you explain more? You mean the problem is using a snakeoil key with a non-snakeoil cert? |
Jacob Hoffman-Andrews notifications@github.com writes:
you reported the issue for the snakeoil certs, but i'm having the same have you solved it? :> |
Ah, now I get it. The issue is not regarding the staging certs ("happy hacker fake CA"), but regarding the self-signed (snakeoil) certs that the letsencrypt client creates locally to solve the TLS-SNI challenge. |
the error i see is with the live certs:
|
That's a different problem, probably related to the configuration of your Nginx. Please post about it on https://community.letsencrypt.org/, including the relevant sections of your Nginx configuration. |
This doesn't happen with a single domain. Poking around, it looks like multiple snakeoil keys are created but only one cert, which is probably the reason for the mismatch.
The text was updated successfully, but these errors were encountered: