Certbot verifying wrong domain

My domain is:
smsc.dopler.rs

I ran this command:
certbot certonly --nginx -d smsc.dopler.rs

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for smsc.dopler.rs
nginx: [warn] conflicting server name "" on 0.0.0.0:80, ignored
Waiting for verification…
Challenge failed for domain smsc.dopler.rs
http-01 challenge for smsc.dopler.rs
Cleaning up challenges
nginx: [warn] conflicting server name "" on 0.0.0.0:80, ignored
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: smsc.dopler.rs
    Type: unauthorized
    Detail: Invalid response from
    https://www.dopler.rs/smsc/.well-known/acme-challenge/68I52S1I3deRZ3evyQPH3s3Svn_O_IlBo5sbw87DMJA/
    [2a01:4f8:192:51b3::2]: "<!doctype html>\n\n\n<meta
    charset="utf-8">\nStranica nije pronađena |
    Dopler\n<meta name="description" c"

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

My web server is (include version):
nginx/1.12.2

The operating system my web server runs on is (include version):
CentOS Linux release 7.3.1611 (Core)

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 1.0.0

As you can see, it redirects to the wrong URL (www.dopler.rs) and, of course, the validation fails because that domain is on another server. Also, the validation file is not created in the document root.

HTTP server config:
server {
    listen 80;
    server_name smsc.dopler.rs;
    access_log /sms/www/logs/smsc/access_log;
    error_log /sms/www/logs/smsc/error_log;
    root /sms/www/smsc.dopler.rs;
    include conf.d/php.inc;
}

ls -lha /sms/www/smsc.dopler.rs

total 12K
drwxr-xr-x 2 root root 4,0K јан 30 22:01 .
drwxr-xr-x 15 root root 4,0K јан 30 22:00 ..
-rw-r--r-- 1 root root 16 јан 30 22:01 index.php

DNS seems OK:

dig smsc.dopler.rs

;; ANSWER SECTION:
smsc.dopler.rs. 14400 IN A 217.26.75.134

If I try to connect with the browser to smsc.dopler.rs, it returns the correct page.

So, any idea why this is happening?

Thanks!

Hi @kanazir

that’s the result of your configuration. First, you have to fix that problem

Then, you have ipv4 and ipv6 - https://check-your-website.server-daten.de/?q=smsc.dopler.rs

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
| smsc.dopler.rs | A | 217.26.75.134 Belgrade/Central Serbia/Serbia (RS) - BeotelNet-ISP d.o.o Hostname: mail.starionbgd.com | yes | 1 | 0 |
| | AAAA | 2a01:4f8:192:51b3::2 Falkenstein/Saxony/Germany (DE) - Hetzner Online GmbH | yes | | |
| www.smsc.dopler.rs | A | 217.26.75.134 Belgrade/Central Serbia/Serbia (RS) - BeotelNet-ISP d.o.o Hostname: mail.starionbgd.com | yes | 1 | 0 |
| | AAAA | 2a01:4f8:192:51b3::2 Falkenstein/Saxony/Germany (DE) - Hetzner Online GmbH | yes | | |

Looks like these are different servers. Letsencrypt prefers ipv6.

And ipv6 + /.well-known/acme-challenge is redirected to your other domain. Check the Url-check output.

The result is

 https://www.dopler.rs/smsc/.well-known/acme-challenge/random-filename

Fix your duplicated server block configuration. Perhaps remove your ipv6.

That was it! Thank you!
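
The check described in the answer (each A and AAAA address probed separately for the challenge path) can be scripted. This is an added example, not code from the thread or from Certbot: it requests a constructed path from every address the name resolves to, sends the right Host header, does not follow redirects, and reports addresses that redirect to another host or answer differently from each other. The function names and the probe path are assumptions made for the example.

```python
import http.client
import socket
import sys
from urllib.parse import urlsplit

PROBE_PATH = "/.well-known/acme-challenge/probe-test"  # constructed path, not a real token

def resolve(host):
    """Return every A and AAAA address the system resolver gives for host."""
    addrs = []
    for family in (socket.AF_INET, socket.AF_INET6):
        try:
            infos = socket.getaddrinfo(host, 80, family, socket.SOCK_STREAM)
        except socket.gaierror:
            continue  # no record of this family
        addrs += sorted({info[4][0] for info in infos})
    return addrs

def probe(host, ip, port=80, path=PROBE_PATH, timeout=10):
    """GET path from one specific address, sending Host: host, without following redirects."""
    conn = http.client.HTTPConnection(ip, port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    except (OSError, http.client.HTTPException) as exc:
        return None, str(exc)
    finally:
        conn.close()

def diagnose(host, results):
    """results maps ip -> (status, location); return a list of findings."""
    findings = []
    for ip, (status, location) in results.items():
        if status is None:
            findings.append(f"{ip}: no HTTP answer ({location})")
        elif 300 <= status < 400 and location:
            target = urlsplit(location).hostname
            if target and target != host:
                findings.append(f"{ip}: redirects to other host {target}")
    if len(set(results.values())) > 1:
        findings.append("addresses answer differently; A and AAAA may be different servers")
    return findings

if __name__ == "__main__":
    answers = {ip: probe(sys.argv[1], ip) for ip in resolve(sys.argv[1])}
    for ip, answer in answers.items():
        print(ip, *answer)
    print("\n".join(diagnose(sys.argv[1], answers)) or "all addresses answer alike")
```

Run it with the host name as the only argument; a stale AAAA record shows up as one address answering with a redirect or page that the other address does not give.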