Certbot webroot fetching from old domain


#1

My domain is:
zabbix.kisiel.net.pl

I ran this command:
sudo certbot certonly --webroot -w /var/www/html -d zabbix.kisiel.net.pl

It produced this output:
Failed authorization procedure. zabbix.kisiel.net.pl (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://sentinel.uk.to/.well-known/acme-challenge/9XuDPAcrF1NCJJ1xB8ul_iEfJ1R2T5vh_R1uWDDLV-U:

the domain sentinel.uk.to is my old domain

My web server is (include version):
apache2
Apache/2.4.18

The operating system my web server runs on is (include version):
ubuntu 16.04.4 LTS

My hosting provider, if applicable, is:
scaleway

I can login to a root shell on my machine (yes or no, or I don’t know):
sudo

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no


#2

Hi @eleaner

there is a redirect:

D:>download http://zabbix.kisiel.net.pl/ -h
Strict-Transport-Security: max-age=63072000; includeSubdomains
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Length: 207
Content-Type: text/html; charset=iso-8859-1
Date: Sun, 01 Jul 2018 11:26:52 GMT
Location: https://sentinel.uk.to/
Server: Apache

Status: 302 Redirect

So first remove this redirect.


#3

thank you, redirect removed
but the result is still the same

Failed authorization procedure. zabbix.kisiel.net.pl (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://sentinel.uk.to/.well-known/acme-challenge/Ug8ZUrAM7vVrhF6tK1c5hvnPsOvik8x0AfAuChSnSQo: Error getting validation data


#4

my bad, there was a second redirect from https to https
fixed and working.

Thank you!


#5

Yep, Google shows a new letsencrypt-certificate:

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:zabbix.kisiel.net.pl&lu=cert_search

Now install it.

PS: Redirecting from http to https - use 301 (moved permanent), not 302 as http-status.


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.