Certbot gives certificate to my domain registrar and not me

OriginMayo · 2018-03-21 00:22:39 UTC

so i used certbot, i tried to make it use my domain - for simplicity > certbot xxxxx -d mydomain.se
and then when i get into the website it wont let me in at all since the certificate came out to be on my registrar (egensajt.se)

(error msg. : NET::ERR_CERT_COMMON_NAME_INVALID)

i think this happened because i turned of my 80 port since certbot wants to use that when it does the stuff that does the stuff and thus when i ping mydomain.se it will ping the registrar and not me…

how can i go about my way to solve this issue?

my setup is like this
VPS with Ubuntu 17.10 + LAMP + HTTPS/HSTS + TLS (443/80)
Registrar with my domain (egensajt.se)
Certbot

i started this project to learn my way into the web stuff and now im kind of stuck for the 3rd time after learning about A Records and Cnames and stuffs

Any sort of help is appreciated really thanks!

Osiris · 2018-03-21 00:48:32 UTC

By telling us the exact certbot command you ran and exactly the output of that command.
We can’t just go and guess what happened, crystall globes don’t actually work you know.

stevenzhu · 2018-03-21 05:50:20 UTC

We also need your domain name. Not masked.version.

Aside from command line problems, which @Osiris already requested , have you checked your DNS records? (Make sure no redirect, park page are in place)

Thank you

stevenzhu · 2018-03-21 12:49:28 UTC

Okay.

The issue is you are using a certificate which only contain common name of gridux.se, the error message appears when you are using www.gridux.se (you didn’t have that as a alt. name)
That’s why you see the error message.

You would need to run sudo certbot certonly --standalone --preferred-challenges http -d gridux.se -d www.gridux.se to include all your websites.

Thank you
@OriginMayo

OriginMayo · 2018-03-21 12:53:31 UTC

0 0,12 * * * python -c ‘import random; import time; time.sleep(random.random() * 3600)’ && ./path/to/certbot-auto renew

is my cron job.

what can i do to fix the caching issue?

update : @stevenzhu
tried with the command you gave me

sudo certbot certonly --standalone --preferred-challenges http -d gridux.se -d www.gridux.se

i cant do it, it gives me an error that it cant access port 80 so i shut down the apache2 server but then if i ping my domain it pings to egensajt.se and not my VPS so it will still give the certificate to egensajt.se and not me…

bytecamp · 2018-03-21 13:02:12 UTC

Certbot does not give anything out. If your domain name is not delegated to your VPS (via A record), you can only use dns-01 authorization. I also would not use the standalone method if you actually have a webserver software running on that system.

stevenzhu · 2018-03-21 13:02:14 UTC

You also need to add www.gridux.se and point to your gridux.se ip.
(Which if you don’t, you will need to remove www redirection to avoid any certificate error appeared on www site and not use your www site)

Thank you

OriginMayo · 2018-03-21 13:05:50 UTC

then what should i do @bytecamp i am new to this whole ssl thing

@stevenzhu i guess i would add that in my 000-default-something.conf in system-available yes?

stevenzhu · 2018-03-21 13:07:12 UTC

You will need to add the www domain to your http and https conf in your file.

add ip for www site to your dns provider.

Then rerun the command i showed you.

Thank you

bytecamp · 2018-03-21 13:08:23 UTC

First of all, fix your DNS settings as stevenzhu already described.
gridux.se and www.gridux.se must point to the ip address of your VPS.

OriginMayo · 2018-03-21 13:16:52 UTC

ok the a record is set to www by standard in the dns settings and its pointing to my ip since the beginning
@bytecamp @stevenzhu

@
Subdomän
103.105.48.228
Adress
3600
TTL

www
Subdomän
103.105.48.228
Adress
3600
TTL

i have this in my virtual host file

Redirect permanent “/” "https://gridux.se/"
im assuming i need to add another line like this
Redirect ~~ “/” "https://www.~~"
am i correct?

bytecamp · 2018-03-21 13:21:20 UTC

I currently see no problem with your certificate. It is valid for gridux.se and www.gridux.se, no warnings or error messages in Firefox.

OriginMayo · 2018-03-21 13:23:16 UTC

im getting “Your connection is not private” in chrome and when i click the lock icon it tells me the certificate is for egensajt.se @bytecamp

update : it seems im having problems with chrome. i download firefox and its working?!?

bytecamp · 2018-03-21 13:25:26 UTC

The dns records are most likely cached on your side. Either flush any dns cache or wait a day. Or you did not close all instances of Chrome and it did not reload your website correctly.

stevenzhu · 2018-03-21 13:28:48 UTC

Hi,

The IP address is not correct for me

For my DNS queries, it still show your registrar’s IP.

P.S. However it seems your domain records need some time to update. Please wait for that to update. (Since your SOA shows the IP are correct now)

Thank you

OriginMayo · 2018-03-21 13:34:32 UTC

@bytecamp i tried to clear the dns host cache but it didnt work

went to chrome://net-internals/#dns and pressed the clear cache button

@stevenzhu ok i will relax for a bit lets see how this works out

OriginMayo · 2018-03-21 13:43:09 UTC

@bytecamp @stevenzhu

do i have to add anything to my nameservers? atm they are all on the registrars own names (egensajt.se)

bytecamp · 2018-03-21 13:45:51 UTC

You don’t need to do anything:

https://unboundtest.com/m/A/gridux.se/RKYXL45K
https://unboundtest.com/m/A/www.gridux.se/NXXU7ISP

Both domains point to the correct location.

Besides: unless you know what you are doing, don’t mess with DNS at all.

OriginMayo · 2018-03-21 13:49:18 UTC

ah good to know, starting to get a hang of things here now
also - im doing this so that i can learn something. how am i supposed to learn if i am not doing anything?

stevenzhu · 2018-03-21 14:26:52 UTC

This process is barely hard (confusing) if you saw those “helpful” tutorials.

However it’s not hard at all.

So… I can’t think anything that’s actually hard.