Certbot - Misconfigured DNS Results in Failed Challenge

Hello. It's the first time that I'm using Let's Encrypt with nginx and I have encountered a problem. I have created two different vhosts under /etc/nginx/sites-enabled/ which look like this:

example.com

server {
    listen 80;
    server_name example.com;
}

server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # Path to the root of your installation
    root /var/www/html/;
    ...

cloud.example.com

upstream php-handler {
    server unix:/run/php/php7.0-fpm.sock;
}

server {
    listen 80;
    server_name cloud.example.com;
}

server {
    listen 443 ssl;
    server_name cloud.example.com;

    ssl_certificate /etc/letsencrypt/live/cloud.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/cloud.example.com/privkey.pem;

    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    # Path to the root of your installation
    root /var/www/cloud/;
    ...

I created both of the certificates with the letsencrypt-auto command.

The problem is that while cloud.example.com works as expected, example.com returns this error in Chrome.

NET::ERR_CERT_COMMON_NAME_INVALID

Am I mistaken somewhere?
Any idea is welcome.

Thank you,

Hi @arronar,

It should be easy to debug the issue if you provide your real domain name.

You can start by checking the cert used in nginx for example.com.

openssl x509 -in /etc/letsencrypt/live/example.com/cert.pem -noout -text | grep DNS:

The output should show one DNS:example.com.

Also, check that your nginx is really serving the right cert:

echo | openssl s_client -connect example.com:443 -servername example.com | openssl x509 -noout -text |grep DNS:

The same, the output should show one DNS:example.com.

If it is not true, maybe your nginx is not loading the example.com conf.

Cheers,
sahsanu
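The SAN comparison from the reply above, scripted instead of read by eye; this is an added example, not part of the original thread. The helper names `san_names`, `san_covers` and `check` are hypothetical, the sample SAN lines are constructed, and the wildcard handling (left-most label only, exactly one label) goes beyond the single-name case discussed in the thread.

```shell
#!/bin/sh
# Added example: decide whether a certificate's SAN list covers a hostname.
# san_names, san_covers and check are hypothetical helper names.

# Constructed samples: the SAN line in the form that
# `openssl x509 -noout -text | grep DNS:` prints it.
SAMPLE_CLOUD='                DNS:cloud.example.com'
SAMPLE_WILD='                DNS:*.example.com, DNS:example.com'

# Read `openssl x509 -noout -text` output on stdin, print one lowercase SAN per line.
san_names() {
    grep -o 'DNS:[^,[:space:]]*' | cut -d: -f2 | tr 'A-Z' 'a-z'
}

# san_covers HOST: read SAN names on stdin, return 0 if one of them matches HOST.
# A wildcard counts only as the whole left-most label and matches exactly one label.
san_covers() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    while IFS= read -r name; do
        case $name in
            '*.'*)
                suffix=${name#\*}      # e.g. ".example.com"
                rest=${host#*.}        # host without its first label
                [ "$host" != "$rest" ] && [ ".$rest" = "$suffix" ] && return 0
                ;;
            *)
                [ "$name" = "$host" ] && return 0
                ;;
        esac
    done
    return 1
}

# check HOST SAN_TEXT: print a verdict, return 0 when HOST is covered.
check() {
    if printf '%s\n' "$2" | san_names | san_covers "$1"; then
        echo "$1: covered"
    else
        echo "$1: NOT covered (browser reports NET::ERR_CERT_COMMON_NAME_INVALID)"
        return 1
    fi
}

check cloud.example.com "$SAMPLE_CLOUD"
check example.com "$SAMPLE_CLOUD" || true
```

Against a live server, pipe the `openssl s_client ... | openssl x509 -noout -text` command from the reply into `san_names | san_covers example.com`. A "NOT covered" verdict for a name whose certificate file on disk is correct means the connection is being answered with a different certificate than the one intended for that name.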

Thank you very much. After some hours I realized that it was a misconfiguration in the DNS A records.
