Trying to get certificates for a couple other domains I added
george@dell-emc:~$ sudo su
[sudo] password for george:
root@dell-emc:/home/george# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: groupfinder.cc
2: www.groupfinder.cc
3: www.techmasterdesign.com
4: wavebuddha.com
5: www.wavebuddha.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/www.techmasterdesign.com.conf)
It contains these names: www.techmasterdesign.com
You requested these names for the new certificate: groupfinder.cc,
www.groupfinder.cc, www.techmasterdesign.com, wavebuddha.com,
www.wavebuddha.com.
Do you want to expand and replace this existing certificate with the new
certificate?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(E)xpand/(C)ancel: E
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for groupfinder.cc
http-01 challenge for wavebuddha.com
http-01 challenge for www.groupfinder.cc
http-01 challenge for www.wavebuddha.com
Waiting for verification...
Challenge failed for domain wavebuddha.com
Challenge failed for domain www.wavebuddha.com
http-01 challenge for wavebuddha.com
http-01 challenge for www.wavebuddha.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: wavebuddha.com
Type: connection
Detail: Fetching
http://wavebuddha.com/.well-known/acme-challenge/rADl14D7JZeELH6nA4IahwEo1iGP165Fac0cEff8NuM:
Timeout during connect (likely firewall problem)
Domain: www.wavebuddha.com
Type: connection
Detail: Fetching
http://www.wavebuddha.com/.well-known/acme-challenge/Ng55jJJ0dytYTNkAI7O7btDCtfmVda6L9rjS5Sd84PE:
Timeout during connect (likely firewall problem)
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
root@dell-emc:/home/george#
Yeah, I’m thinking of doing the iFrame thing, but then again that’s exactly what GoDaddy forwarding does, which gets rid of the stuff after the / in the URL bar.
Definitely an issue here. Your general forward will prevent the Let’s Encrypt server from being able to access the challenge files for wavebuddha.com. Is there even any hosting connected to wavebuddha.com?
Woah, I got it working with wavebuddha.com. There is no domain masking, just a simple forward on GoDaddy, and it displays the URL wavebuddha.com the entire time. Now all I need is the certificate to work.
Here’s what I did:
On GoDaddy, I created an A record which points to my IP address (dynamic unfortunately, but I can live with changing it).
Now getting new errors after adding my IP to the A record of www.wavebuddha.com
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for wavebuddha.com
http-01 challenge for www.wavebuddha.com
Waiting for verification...
Challenge failed for domain wavebuddha.com
Challenge failed for domain www.wavebuddha.com
http-01 challenge for wavebuddha.com
http-01 challenge for www.wavebuddha.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: wavebuddha.com
Type: unauthorized
Detail: Invalid response from
https://www.techmasterdesign.com/wavebuddha/ [47.6.109.242]:
"<!DOCTYPE html>\r\n<html class=\"no-js\"
lang=\"zxx\">\r\n\r\n<head>\r\n <meta charset=\"utf-8\">\r\n
<meta name=\"author\" content=\"WaveBud"
Domain: www.wavebuddha.com
Type: unauthorized
Detail: Invalid response from
https://www.techmasterdesign.com/wavebuddha/ [47.6.109.242]:
"<!DOCTYPE html>\r\n<html class=\"no-js\"
lang=\"zxx\">\r\n\r\n<head>\r\n <meta charset=\"utf-8\">\r\n
<meta name=\"author\" content=\"WaveBud"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
root@dell-emc:/home/george#
I’m not sure that your configuration changes will have any impact if GoDaddy is redirecting using 184.168.131.241. Usually using two A records only works for rotation for load-balancing purposes.
Added a CNAME for WWW with value techmasterdesign.com for the domain wavebuddha.com and it seems to work now (make sure to clear your cache). I’m kind of amazed that Apache can take root-level domain forwards and still take you to the right folder, but it makes sense since the DocumentRoot is set for the domain in the .conf file in sites-available. Now if only I could get that damn certificate working lol.
After adding the WWW CNAME record I’m now only getting 1 error from certbot:
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: wavebuddha.com
Type: connection
Detail: Fetching
http://wavebuddha.com/.well-known/acme-challenge/4ceVUSmI_0ZCy6jzY67VFXTNNsp5vGIvmyE_F79typI:
Timeout during connect (likely firewall problem)
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
Oh, and I’m pretty sure that ghostly URL forward from groupfinder.cc still exists.
I think that ProxyPass line was causing the weird redirect because I got rid of that and groupfinder.cc seems to work differently now. Will mess around with wavebuddha CNAME trying to get the certbot to not return errors too. PROGRESS! YAY!
He did actually get the “redirect” to work. The result is actually a folder on techmaster (hence the wrong certificate being served). Even the links to products work.
If he can get the certificate with ALL of the domains installed on techmaster, this spaghetti monstrosity might actually work.
groupfinder.cc is saying connection not private: NET::ERR_CERT_COMMON_NAME_INVALID
and 50% chance of wavebuddha.com working right. I think that
ProxyPass / www.techmasterdesign.com/groupfinder
line we added to groupfinder.conf in sites-available was somehow responsible for the weird redirect, because once I got rid of it, the invalid cert page started showing on Chrome. I just don’t know where to go from here to get the certificates working.
I’ve been doing this for a long time (longer than I care to mention).
NEVER use URL redirection from a domain name provider (when you can do it better/right yourself).
The content has an “action bar” at the top which uses the full link paths to https://www.techmasterdesign.com/groupfinder/{some.file.name}.php
I can’t override that - even with NGINX and sub_filter.
You really need to “let go” of the site1 and ONLY use site2.
That may require some downtime while you rewrite the code.
But you will be all the better for it down the road.
You can always place a “we moved” sign at the old address (or just forward it within html).
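The certbot failure reports quoted in this thread can be read mechanically: the sketch below is an added example, not code from any poster or from certbot, that parses the `Domain:` / `Type:` / `Detail:` entries and flags the case seen above where validation for one name is answered by a different host. The sample report is constructed in the thread's layout, with a placeholder token and a documentation IP address; the function names `parse_report` and `diagnose` are hypothetical.

```python
import re
from urllib.parse import urlparse

# Constructed sample in the layout certbot printed in this thread (placeholder token and IP).
SAMPLE = """\
   Domain: wavebuddha.com
   Type:   connection
   Detail: Fetching
   http://wavebuddha.com/.well-known/acme-challenge/EXAMPLE-TOKEN:
   Timeout during connect (likely firewall problem)

   Domain: www.wavebuddha.com
   Type:   unauthorized
   Detail: Invalid response from
   https://www.techmasterdesign.com/wavebuddha/ [203.0.113.10]:
   "<!DOCTYPE html>..."
"""

def parse_report(text):
    """Split a certbot failure report into one dict per 'Domain:' entry."""
    entries = []
    for block in re.split(r"(?m)^\s*Domain:\s*", text)[1:]:
        lines = block.strip().splitlines()
        rest = " ".join(line.strip() for line in lines[1:])
        kind = re.search(r"Type:\s*(\S+)", rest)
        url = re.search(r"https?://[^\s\]\[]+", rest)   # first URL in the Detail text
        ip = re.search(r"\[([0-9a-fA-F.:]+)\]", rest)    # address the validator reached
        entries.append({"domain": lines[0].strip(),
                        "type": kind.group(1) if kind else None,
                        "url": url.group(0).rstrip(":") if url else None,
                        "ip": ip.group(1) if ip else None})
    return entries

def diagnose(entry):
    """Name the likely cause of one entry, checking for a cross-host answer first."""
    parsed = urlparse(entry["url"] or "")
    host = parsed.hostname
    if host and host != entry["domain"]:
        return f"redirected: validation for {entry['domain']} was answered by {host}"
    if entry["type"] == "connection":
        return "unreachable: the address in DNS did not accept the connection"
    if entry["type"] == "unauthorized" and "/.well-known/acme-challenge/" not in parsed.path:
        return "rewritten: the challenge path was replaced before the response"
    return "other: read the Detail text"
```
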