Certbot - Misconfigured DNS Results in Failed Challenge

arronar · May 18, 2017, 2:45pm

Hello. It's the first time that I'm using the Let's encrypt with nginx and i encounter a problem. I have created two different Vhosts under /etc/nginx/sites-enabled/ which look like

example.com

server {
listen 80;
server_name example.com;
}

server {
listen 443 ssl;
server_name example.com;

ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

# Path to the root of your installation
root /var/www/html/;
...

cloud.example.com

upstream php-handler {
server unix:/run/php/php7.0-fpm.sock;
}

server {
listen 80;
server_name cloud.example.com;
}

server {
listen 443 ssl;
server_name cloud.example.com;

ssl_certificate /etc/letsencrypt/live/cloud.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cloud.example.com/privkey.pem;

add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;

# Path to the root of your installation
root /var/www/cloud/;
...

I created both of the certificates with the letsencrypt-auto command.

The problem is that while the cloud.example.com works as expected , example.com returns me this error in chrome.

NET::ERR_CERT_COMMON_NAME_INVALID

Am i mistaken somewhere ?
Any idea is welcomed.

Thank you,

sahsanu · May 18, 2017, 5:33pm

Hi @arronar,

It should be easy to debug the issue if you provide your real domain name.

Yo can start checking the cert used in nginx for example.com.

openssl x509 -in /etc/letsencrypt/live/example.com/cert.pem -noout -text | grep DNS:

The output should show one DNS:example.com.

Also, check that your nginx is really serving the right cert:

echo | openssl s_client -connect example.com:443 -servername example.com | openssl x509 -noout -text |grep DNS:

The same, the output should show one DNS:example.com.

If it is not true, maybe your nginx is not loading the example.com conf.

Cheers,
sahsanu

arronar · May 19, 2017, 7:58am

Thank you very much. After some hours i realized that it was a miss-configuration in DNS A records.

system · June 18, 2017, 7:58am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
There are issues with the site's certificate chain (net::ERR_CERT_COMMON_NAME_INVALID Help	4	17526	April 14, 2017
Installed let's encrypt certificate and the site became unavailable (This site can’t be reached), Ubuntu 16.04, nginx Help	20	1686	August 22, 2020
SSL Certificate Name Mismatch CentOS 6.8 Help	9	3220	April 2, 2017
The https not working after create letsencrypt Help	3	733	June 7, 2019
Problem installing a letsencrypt SSL when there is a SSL certificate bought at a vendor Help	3	1411	August 21, 2017

Certbot - Misconfigured DNS Results in Failed Challenge

Related topics