Add domain to existing cert failing


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: bitsnbows.com

I ran this command: /opt/letsencrypt/certbot-auto certonly --manual --debug-challenges -d lucidcirc.us,www.lucidcirc.us,lucidcircus.us,www.lucidcircus.us,products.lucidcircus.us,stage.lucidcircus.us,bitsnbows.com,www.bitsnbows.com

It produced this output:
Cleaning up challenges

Failed authorization procedure. bitsnbows.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://bitsnbows.com/.well-known/acme-challenge/QmOy6bzASLhsoWgiyPKb6vklAzyTYk4b1aDu_naXVmw: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

IMPORTANT NOTES:
  • The following errors were reported by the server:

    Domain: bitsnbows.com
    Type: unauthorized
    Detail: Invalid response from
    http://bitsnbows.com/.well-known/acme-challenge/QmOy6bzASLhsoWgiyPKb6vklAzyTYk4b1aDu_naXVmw:
    "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML
    2.0//EN">\n<html><head>\n<title>404 Not
    Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

My web server is (include version):
Server version: Apache/2.4.18 (Ubuntu)
Server built: 2018-04-18T14:53:04

The operating system my web server runs on is (include version):
Ubuntu 16.04.3 LTS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.28.0


#2

Hi @lkulberda

I didn’t check the other domains. But this domain has ipv4 and ipv6 addresses: https://check-your-website.server-daten.de/?q=bitsnbows.com

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| bitsnbows.com | A | 45.33.68.15 | yes | 1 | 0 |
| | AAAA | 2600:3c03::f03c:91ff:fedb:4999 | yes | | |
| www.bitsnbows.com | A | 45.33.68.15 | yes | 1 | 0 |
| | AAAA | | yes | | |

And there are different answers and servers:

| Domainname | Http-Status | redirect | Sec. | G | |
|---|---|---|---|---|---|
| http://bitsnbows.com/ 45.33.68.15 | 200 | | 0.220 | H | |
| http://bitsnbows.com/ 2600:3c03::f03c:91ff:fedb:4999 | 403 | | 0.216 | M | Forbidden |
| http://www.bitsnbows.com/ 45.33.68.15 | 200 | | 0.220 | H | |
| https://bitsnbows.com/ 45.33.68.15 | 400 | | 2.437 | N | Bad Request. Certificate error: RemoteCertificateNameMismatch |
| https://bitsnbows.com/ 2600:3c03::f03c:91ff:fedb:4999 | 200 | | 2.954 | N | Certificate error: RemoteCertificateNameMismatch |
| https://www.bitsnbows.com/ 45.33.68.15 | 400 | | 2.157 | N | Bad Request. Certificate error: RemoteCertificateNameMismatch |
| http://bitsnbows.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 45.33.68.15 | 404 | | 0.220 | A | Not Found |
| http://bitsnbows.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2600:3c03::f03c:91ff:fedb:4999 | 404 | | 0.203 | A | Not Found |
| http://www.bitsnbows.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 45.33.68.15 | 404 | | 0.217 | A | Not Found |

Such different answers are not good.

K http://bitsnbows.com/ 45.33.68.15, Status 200
http://bitsnbows.com/ 2600:3c03::f03c:91ff:fedb:4999, Status 403
configuration problem - different ip addresses with different status
K https://bitsnbows.com/ 45.33.68.15, Status 400
https://bitsnbows.com/ 2600:3c03::f03c:91ff:fedb:4999, Status 200
configuration problem - different ip addresses with different status

Your ipv4 has a

Server: Apache/2.4.18 (Ubuntu)

your ipv6 a

Server: Apache/2.2.15 (CentOS)

So perhaps this is a server of your hosting or something else.

Perhaps remove the ipv6 address.
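
The per-address comparison from the post above can be reproduced locally. This is an added example, not part of the original thread and not code from Certbot or the check-your-website tool; the function names `resolve`, `probe` and `diagnose` are assumptions made for illustration, and `SAMPLE` holds the values reported above for http://bitsnbows.com/.

```python
import http.client
import socket

def resolve(host):
    """Return (record_type, ip) for every A and AAAA address of host."""
    found = []
    for family, rtype in ((socket.AF_INET, "A"), (socket.AF_INET6, "AAAA")):
        try:
            infos = socket.getaddrinfo(host, 80, family, socket.SOCK_STREAM)
        except socket.gaierror:
            continue  # no record of this type
        found += sorted({(rtype, info[4][0]) for info in infos})
    return found

def probe(host, path="/", timeout=10):
    """GET http://host/path once per address, connecting to the IP directly."""
    results = []
    for rtype, ip in resolve(host):
        conn = http.client.HTTPConnection(ip, 80, timeout=timeout)
        try:
            conn.request("GET", path, headers={"Host": host})
            resp = conn.getresponse()
            results.append((rtype, ip, resp.status, resp.getheader("Server")))
        except (OSError, http.client.HTTPException) as exc:
            results.append((rtype, ip, None, repr(exc)))
        finally:
            conn.close()
    return results

def diagnose(results):
    """Flag addresses of one name that do not behave like the same server."""
    findings = []
    if len({status for _, _, status, _ in results}) > 1:
        findings.append("status differs: " + ", ".join(
            f"{ip}={status}" for _, ip, status, _ in results))
    if len({server for _, _, _, server in results}) > 1:
        findings.append("Server header differs: " + ", ".join(
            f"{ip}={server}" for _, ip, _, server in results))
    return findings

# Values reported for http://bitsnbows.com/ in the post above.
SAMPLE = [
    ("A", "45.33.68.15", 200, "Apache/2.4.18 (Ubuntu)"),
    ("AAAA", "2600:3c03::f03c:91ff:fedb:4999", 403, "Apache/2.2.15 (CentOS)"),
]

if __name__ == "__main__":
    for line in diagnose(SAMPLE):  # swap in probe("your.domain") for a live check
        print(line)
```

Any finding means the A and AAAA records lead to different servers, so a challenge file placed on one of them is not visible through the other address.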


#3

@JuergenAuer

D’oh! Stupid copy/paste error that I’ve been staring at for hours. Thanks so much for the quick response and resolution!

lk


#4

Not all names return IPv6 addresses.
Some only have IPv4.
[if that helps any]

