Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: getafloat.co.uk
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for getafloat.co.uk
http-01 challenge for www.getafloat.co.uk
Using the webroot path /opt/bitnami/apps/wordpress/htdocs for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. getafloat.co.uk (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://yoursite.com/ [188.8.131.52]: "\n\n\n\n\n <meta charset=“UTF-8”>\n <meta name=“viewport” content=“width=device-width,”
The following errors were reported by the server:
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version): nginx version: nginx/1.14.0 (Ubuntu)
The operating system my web server runs on is (include version):
Ubuntu 18.04.2 LTS (GNU/Linux 4.15.0-47-generic x86_64)
My hosting provider, if applicable, is: DigitalOcean
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you’re using Certbot): certbot 0.23.0
I’ve been trying to migrate a client’s site from AWS to a new DigitalOcean server, but am running into problems adding their domain to the server’s existing cert. Their domain getafloat.co.uk is registered with 123-reg.co.uk and (at the moment) points to AWS nameservers, which in turn are configured to point to their AWS web server and both www.getafloat.co.uk and getafloat.co.uk correctly resolve. From what I understand my client used an Indian developer/admin to carry out maintenance/config work in the past and back in Feb also got him to update their Let’s Encrypt certificate for the domain, which is currently working on the AWS platform. However, since I could not see certbot installed on the server, I asked him how he installed their Let’s Encrypt cert, but he avoided the question and has not got back to me since.
I’ve been used to using Let’s Encrypt / Cerbot for about a year and a half and feel relatively comfortable installing the software and creating new certs, but admittedly struggle with deeper issues.
I’ve migrate the getafloat.co.uk site from a code and database import level, but am having issues adding the domain onto the existing certificate for their other domain on the server: activities.uk.com (which is working fine).
Specifically, I’ve changed the A records for both www.getafloat.co.uk and getafloat.co.uk to point to the new DigitalOcean server, waited a reasonable time and checked those domain names resolve to the new DigitalOcean server’s IP before trying to add the getafloat domain to the certificate, but am getting this weird error:
However, we have nothing to do with the domain or IP that it says we’re getting an invalid response from: https://yoursite.com/ [184.108.40.206]:
I’m totally guessing but this seems to be a DNS issue, since (when I’ve changed the A records to point to the new DigitalOcean server) www.getafloat.co.uk resolves and correctly delivers/renders the site, but getfloat.co.uk (without the www.) doesn’t and instead redirects to the other (main/default) site on the (DigitalOcean) server activities.uk.com. Trying other options, I then updated the 123-reg.co.uk nameservers to point directly to the DigitalOcean DNS (which I needed to configure anyway), but I still get the same problem.
As it currently stands getafloat is back to its previous configuration, being served from AWS and the 123-reg.co.uk nameservers reset back to point to AWS - to keep my client’s site up.
I’ve informed my client about this issue, but has said he has no idea. He also knows I’m trying to migrate the domain, so I have some leeway with the site being up/down, but obviously would rather keep it up.
I’m really not sure what to do next, but would really appreciate any help anyone might be able to give.
All the best,