root@svr4:/etc/letsencrypt/accounts# certbot certonly --duplicate --apache --cert-name www.xxxx.com -d www.xxxx.com  -d xxxx.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for www.xxxx.com
tls-sni-01 challenge for xxxx.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. xxxx.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested e85d94f24809cbd6945511bfcd088a60.8c4eac433a8f4349e182e15e83b7e999.acme.invalid from [MyIpv6]:443. Received 1 certificate(s), first certificate had names "*.yyyy.com, yyyy.com", www.xxxx.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested 95fa5578ac77d4bf7314013ddd72d4a5.8f1539a260cfca35f0c418f7fa7d896a.acme.invalid from [MyIpv6]:443. Received 1 certificate(s), first certificate had names "*.yyyy.com, yyyy.com"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: xxxx.com
   Type:   unauthorized
   Detail: Incorrect validation certificate for tls-sni-01 challenge.
   Requested
   e85d94f24809cbd6945511bfcd088a60.8c4eac433a8f4349e182e15e83b7e999.acme.invalid
   from [MyIpv6]:443. Received 1 certificate(s), first
   certificate had names "*.yyyy.com,
   yyyy.com"

   Domain: www.xxxx.com
   Type:   unauthorized
   Detail: Incorrect validation certificate for tls-sni-01 challenge.
   Requested
   95fa5578ac77d4bf7314013ddd72d4a5.8f1539a260cfca35f0c418f7fa7d896a.acme.invalid
   from [MyIpv6]:443. Received 1 certificate(s), first
   certificate had names "*.yyyy.com,
   yyyy.com"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.