Certbot gives certificate to my domain registrar and not me


#1

so i used certbot, i tried to make it use my domain - for simplicity > certbot xxxxx -d mydomain.se
and then when i get into the website it wont let me in at all since the certificate came out to be on my registrar (egensajt.se)

(error msg. : NET::ERR_CERT_COMMON_NAME_INVALID)

i think this happened because i turned off my 80 port since certbot wants to use that when it does the stuff that does the stuff and thus when i ping mydomain.se it will ping the registrar and not me…

how can i go about my way to solve this issue?

my setup is like this
VPS with Ubuntu 17.10 + LAMP + HTTPS/HSTS + TLS (443/80)
Registrar with my domain (egensajt.se)
Certbot

i started this project to learn my way into the web stuff and now im kind of stuck for the 3rd time after learning about A Records and Cnames and stuffs

Any sort of help is appreciated really thanks!


#2

By telling us the exact certbot command you ran and exactly the output of that command.
We can’t just go and guess what happened, crystal globes don’t actually work you know.


#3

We also need your domain name. Not the masked version.

Aside from command line problems, which @Osiris already requested, have you checked your DNS records? (Make sure no redirect or park page is in place)

Thank you


#4

@Osiris
@stevenzhu
i put the ip of my vps into a records - other than that my domain settings are empty i think.
i tried to use the name servers but it wont let me to use a records and name servers at the same time it seems…

my domain is gridux.se

i used this command

sudo certbot certonly --standalone --preferred-challenges http -d gridux.se
(https://www.digitalocean.com/community/tutorials/how-to-use-certbot-standalone-mode-to-retrieve-let-s-encrypt-ssl-certificates)

update 1: thats weird - now the certificate jumped to my domain and not the registrar, i havent done anything
update 2: now its back to my registrar again, i got the cron job updating the certificate but idk why it is working at some times and not and gives the registrar domain instead of my own…


#5

Okay.

The issue is you are using a certificate which only contains the common name of gridux.se, the error message appears when you are using www.gridux.se (you didn’t have that as an alt. name)
That’s why you see the error message.

You would need to run sudo certbot certonly --standalone --preferred-challenges http -d gridux.se -d www.gridux.se to include all your websites.

Thank you
@OriginMayo


#6

0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && ./path/to/certbot-auto renew

is my cron job.

what can i do to fix the caching issue?

update : @stevenzhu
tried with the command you gave me

sudo certbot certonly --standalone --preferred-challenges http -d gridux.se -d www.gridux.se

i cant do it, it gives me an error that it cant access port 80 so i shut down the apache2 server but then if i ping my domain it pings to egensajt.se and not my VPS so it will still give the certificate to egensajt.se and not me…


#7

Certbot does not give anything out. If your domain name is not delegated to your VPS (via A record), you can only use dns-01 authorization. I also would not use the standalone method if you actually have a webserver software running on that system.


#8

You also need to add www.gridux.se and point to your gridux.se ip.
(Which if you don’t, you will need to remove www redirection to avoid any certificate error appearing on www site and not use your www site)

Thank you


#9

then what should i do @bytecamp i am new to this whole ssl thing

@stevenzhu i guess i would add that in my 000-default-something.conf in system-available yes?


#10

You will need to add the www domain to your http and https conf in your file.

add ip for www site to your dns provider.

Then rerun the command i showed you.

Thank you


#11

First of all, fix your DNS settings as stevenzhu already described.
gridux.se and www.gridux.se must point to the ip address of your VPS.


#12

ok the a record is set to www by standard in the dns settings and its pointing to my ip since the beginning
@bytecamp @stevenzhu

Subdomain   Address          TTL
@           103.105.48.228   3600
www         103.105.48.228   3600

i have this in my virtual host file

Redirect permanent "/" "https://gridux.se/"
im assuming i need to add another line like this
Redirect ~~ "/" "https://www.~~"
am i correct?


#13

I currently see no problem with your certificate. It is valid for gridux.se and www.gridux.se, no warnings or error messages in Firefox.


#14

im getting “Your connection is not private” in chrome and when i click the lock icon it tells me the certificate is for egensajt.se :confused: @bytecamp

update : it seems im having problems with chrome. i download firefox and its working?!?


#15

The dns records are most likely cached on your side. Either flush any dns cache or wait a day. Or you did not close all instances of Chrome and it did not reload your website correctly.


#16

Hi,

The IP address is not correct for me

For my DNS queries, it still shows your registrar’s IP.

P.S. However it seems your domain records need some time to update. Please wait for that to update. (Since your SOA shows the IPs are correct now)

Thank you
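
Added example, not part of any post in this thread: the two causes discussed above, a hostname missing from the certificate (#5) and DNS still resolving to the registrar's host (#7, #16), can be told apart by comparing the A record with the VPS address and the served certificate's SAN list with the hostname. The function names, the `example.se` names and the documentation-range IPs are constructed for illustration; `fetch_live` gathers the same inputs from a real host.

```python
import socket
import ssl

def san_matches(hostname, sans):
    """True if hostname is covered by a dNSName list (left-most-label wildcard only)."""
    host = hostname.lower().rstrip(".")
    for san in sans:
        san = san.lower().rstrip(".")
        if san == host:
            return True
        if san.startswith("*.") and "." in host and host.split(".", 1)[1] == san[2:]:
            return True
    return False

def diagnose(hostname, resolved_ips, expected_ip, sans):
    """Classify the two failure modes seen in this thread."""
    if expected_ip not in resolved_ips:
        return "dns-elsewhere"      # name resolves to another host, so its cert is served
    if not san_matches(hostname, sans):
        return "name-not-in-cert"   # right server, but the certificate lacks this name
    return "ok"

def fetch_live(hostname, port=443):
    """Live inputs for diagnose(): A records and SANs of the served certificate."""
    ips = sorted({ai[4][0] for ai in socket.getaddrinfo(hostname, port, socket.AF_INET)})
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; names are compared by us
    with socket.create_connection((hostname, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return ips, sans

# Constructed sample observations (documentation addresses, not real lookups).
VPS_IP = "203.0.113.10"
SAMPLES = [
    ("example.se", ["203.0.113.10"], ["example.se"]),
    ("www.example.se", ["203.0.113.10"], ["example.se"]),
    ("example.se", ["198.51.100.7"], ["registrar.example"]),
]

def run_samples():
    return [diagnose(h, ips, VPS_IP, sans) for h, ips, sans in SAMPLES]

if __name__ == "__main__":
    for (h, ips, sans), verdict in zip(SAMPLES, run_samples()):
        print(f"{h:16} A={ips} SAN={sans} -> {verdict}")
```

A browser that shows the registrar's certificate while another shows the right one corresponds to the "dns-elsewhere" case on the machine with the stale DNS answer.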


#17

@bytecamp i tried to clear the dns host cache but it didnt work

went to chrome://net-internals/#dns and pressed the clear cache button

@stevenzhu ok i will relax for a bit lets see how this works out


#18

@bytecamp @stevenzhu

do i have to add anything to my nameservers? atm they are all on the registrars own names (egensajt.se)


#19

You don’t need to do anything:

https://unboundtest.com/m/A/gridux.se/RKYXL45K
https://unboundtest.com/m/A/www.gridux.se/NXXU7ISP

Both domains point to the correct location.

Besides: unless you know what you are doing, don’t mess with DNS at all.


#20

ah good to know, starting to get a hang of things here now :smiley:
also - im doing this so that i can learn something. how am i supposed to learn if i am not doing anything?