I'm setting up a cert for a new mastodon instance with the Digital Ocean premade Mastodon droplet image with letsencrypt preinstalled. I already have a similar wordpress droplet running with working letsencrypt at the base of my domain: ericrie.se
I'm setting up the mastodon instance at toot.ericrie.se.
I can ssh into it at that subdomain. < That was only because I manually changed my /etc/hosts so I didn't have to wait for it to propagate.
I have an A record for ericrie.se pointing to that wordpress instance's IP.
I added an A record for toot.ericrie.se pointing to the mastodon instance.
The problem seems to be that when running letsencrypt for toot.ericrie.se it's using the IP for ericrie.se.
When first setting up the instance, the DNS change hadn't propagated so that had created other issues because I have a wildcard entry in my zone file so that *.ericrie.se points to the wordpress vps, so toot.ericrie.se was originally pointing there. So I'm guessing that got cached somewhere.
My DNS might be in a weird state. I previously switched to digital ocean's nameservers from those of my registrar, gandi.net. I had 2 CNAME entries for gandi's "Web Forwarding" service which are still working but they don't show up in Digital Ocean's web interface.
My domain is: [toot.]ericrie.se
I ran this command: letsencrypt
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: toot.ericrie.se
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for toot.ericrie.se
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. toot.ericrie.se (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: 104.236.33.172: Invalid response from http://toot.ericrie.se/.well-known/acme-challenge/D6u8iaHzV13ABHP0CrGMg2zisfbmMCn2zm1ZuiecZe4: 404
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: toot.ericrie.se
Type: unauthorized
Detail: 104.236.33.172: Invalid response from
http://toot.ericrie.se/.well-known/acme-challenge/D6u8iaHzV13ABHP0CrGMg2zisfbmMCn2zm1ZuiecZe4:
404
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version): nginx
The operating system my web server runs on is (include version): ubuntu 18.04
My hosting provider, if applicable, is: digital ocean
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.27.0
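The failure detail above carries the one fact that settles this question: the address the CA actually connected to when it fetched the challenge. Here is an added example (not part of the post, and not Certbot's own code) that parses that block and separates "public DNS still points at the other box" from "right box, nginx served a 404". The expected droplet address is an assumption, shown as a documentation placeholder; the sample output is the text from the post, embedded inline.

```python
import re
import ipaddress

# Constructed sample: the http-01 failure detail from the post above
# (same validator IP, challenge URL and status as printed by certbot).
SAMPLE_OUTPUT = """\
Domain: toot.ericrie.se
Type: unauthorized
Detail: 104.236.33.172: Invalid response from
http://toot.ericrie.se/.well-known/acme-challenge/D6u8iaHzV13ABHP0CrGMg2zisfbmMCn2zm1ZuiecZe4:
404
"""

# Matches "Detail: <ip>: Invalid response from <url>: <status>" while tolerating
# the line wrapping certbot applies inside its IMPORTANT NOTES block.
DETAIL_RE = re.compile(
    r"Detail:\s*(?P<ip>[0-9a-fA-F.:]+):\s*Invalid response from\s*"
    r"(?P<url>https?://\S+?):\s*(?P<status>\d{3})",
    re.DOTALL,
)


def parse_failure(output: str) -> dict:
    """Extract where the CA connected, which URL it requested and the HTTP status."""
    m = DETAIL_RE.search(output)
    if not m:
        raise ValueError("no http-01 failure detail found in output")
    ip = ipaddress.ip_address(m.group("ip"))  # also validates the address syntax
    return {"ip": str(ip), "url": m.group("url"), "status": int(m.group("status"))}


def diagnose(output: str, expected_ip: str) -> str:
    """Classify the failure. The CA resolves the name through public DNS, so the
    IP in its error is ground truth about where the name points from outside;
    a local /etc/hosts override never influences that lookup."""
    f = parse_failure(output)
    if ipaddress.ip_address(f["ip"]) != ipaddress.ip_address(expected_ip):
        return (f"dns-mismatch: validator reached {f['ip']}, not {expected_ip}; "
                "the public A or wildcard record (or a stale cache) points elsewhere")
    if f["status"] == 404:
        return ("webroot-404: correct host reached but nginx did not serve "
                f"{f['url']}; check the server block and webroot path")
    return f"other: HTTP {f['status']} from {f['ip']} for {f['url']}"


if __name__ == "__main__":
    # 203.0.113.10 is a placeholder for the new droplet's real public address.
    print(diagnose(SAMPLE_OUTPUT, "203.0.113.10"))
```

When checking by hand, query an external resolver (for example `dig +short toot.ericrie.se @1.1.1.1`) rather than the local one, because the local resolver consults /etc/hosts and will report the override that was added to reach the box early.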