Certificate not trusted on alternate domain/domain not detected by certbot (https line through it)

I M P O S S I B L E
Do you even know how to verify that statement?

1 Like

Cleared browser cache and went to the domains:

Only problem now is:

It seems that certbot has trouble generating a cert for wavebuddha.com, and I dunno if it’s just not proceeding to groupfinder.cc because of the problem with wavebuddha, or if it thinks there’s already a cert for wavebuddha (because it’s not working if there is)

when running certbot --apache:

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: wavebuddha.com
   Type:   unauthorized
   Detail: Invalid response from
   https://www.techmasterdesign.com/wavebuddha/ [47.6.109.242]:
   "<!DOCTYPE html>\r\n<html class=\"no-js\"
   lang=\"zxx\">\r\n\r\n<head>\r\n    <meta charset=\"utf-8\">\r\n
   <meta name=\"author\" content=\"WaveBud"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

1 Like

Name:    wavebuddha.com
Addresses:  184.168.131.241
          47.6.109.242

Name:    groupfinder.cc
Addresses:  47.6.109.242
          184.168.131.241

Both are 50/50 chances ! ! !

1 Like
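The two things the posts above show, as an added example that is not part of the original thread: a pre-flight check that every address published for a name is the web server certbot runs on, and a check that a challenge response is an ACME key authorization rather than an HTML page. The function names are hypothetical, the IP addresses are the ones posted in the thread, and the token is constructed.

```python
import re
import socket

# HTTP-01 body served at /.well-known/acme-challenge/<token> is
# "<token>.<base64url SHA-256 thumbprint of the account key>" (RFC 8555).
KEY_AUTH = re.compile(r"^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]{43}$")


def resolve_a(name):
    """Return the sorted IPv4 addresses the local resolver gives for name."""
    infos = socket.getaddrinfo(name, 80, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def stray_addresses(addresses, server_ip):
    """Addresses published for the name that are not our web server."""
    return [a for a in addresses if a != server_ip]


def looks_like_key_auth(body, token):
    """True only if body is a key authorization for token, not a web page."""
    text = body.strip()
    return bool(KEY_AUTH.match(text)) and text.split(".", 1)[0] == token


def preflight(name, addresses, server_ip):
    """Say whether an HTTP-01 request for name can only reach server_ip."""
    if not addresses:
        return f"{name}: no A record"
    stray = stray_addresses(addresses, server_ip)
    if stray:
        return f"{name}: FAIL, also resolves to {', '.join(stray)}"
    return f"{name}: OK, only {server_ip}"


if __name__ == "__main__":
    # Addresses as posted in the thread; server_ip is the Apache host.
    server_ip = "47.6.109.242"
    for addrs in (["184.168.131.241", "47.6.109.242"], ["47.6.109.242"]):
        print(preflight("wavebuddha.com", addrs, server_ip))
    # Constructed token; the HTML is the start of the body in the certbot error.
    token = "constructed-token_123"
    print(looks_like_key_auth(token + "." + "A" * 43, token))
    print(looks_like_key_auth('<!DOCTYPE html>\r\n<html class="no-js"', token))
```

For live DNS, call `preflight(name, resolve_a(name), server_ip)`; the local resolver may return a cached answer for up to the record's TTL.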

Do I really need to repeat myself?

1 Like

Ok look 184.168.131.241 is the IP that handles the A record for the groupfinder.cc and 47.6.109.242 handles www.groupfinder.cc. I am just going to have to pay for a static IP. At first I thought they were 50/50 chances but they’re just the A record for WWW and CNAME for @.

2 Likes

I refer you to post #17 (you might have to scrooooll back a bit)

2 Likes

Do you hear yourself?

2 Likes

lol I don’t see any other way other than manually updating the A records or using this script which uses the godaddy API: https://github.com/CarlEdman/godaddy-ddns. I mean manually rewriting all the links on thousands of pages of forum software is out of the question.

2 Likes

Try linking to the new site via “www.groupfinder.cc”
The “www” should be able to hold a CNAME to your server.

Get that to work first.

I really think you will find that you have bigger fish to fry than a static IP.

1 Like

Alright, I’ll try getting rid of the godaddy forward for wavebuddha (which creates an A name - this is the site with the certbot error) and just leave these two:

A @ 47.6.109.242 600 seconds
CNAME www techmasterdesign.com 600 seconds

and if that works I’ll repeat the process for wavebuddha

1 Like

Trying to "one-size-fits-all" with URL redirection (via third party) will ultimately fail to give you all the clicks to expected content that you expect.
Needless to say (again) you will create a problem for LE HTTP validation - which means you will have to use DNS validation (or pay GD for a cert).

2 Likes

Paying for a static IP is dumb when I can just use that script (https://github.com/CarlEdman/godaddy-ddns). Also, you’re right, I was overcomplicating the fuck out of the godaddy domain management and didn’t need the forward at all. Here are the records for wavebuddha.com:

Records

Last updated 13/09/20 10:01 PM

| Type | Name | Value | TTL |
|---|---|---|---|
| A | @ | 47.6.109.242 | 600 seconds |
| CNAME | www | techmasterdesign.com | 600 seconds |

4 Likes

I do my own DNS, rDNS, proxy, hosting, firewall, IPv4, IPv6, etc. etc. etc.

Been there, done that.

3 Likes

The hardest thing that took me a while to understand was putting techmasterdesign.com and my IP in the CNAME and A records for www.wavebuddha.com and then creating the sites-available/wavebuddha.conf files with documentroots. Even though the domain is forwarding to my IP, which you would think would take you to the root and not the subfolder wavebuddha, apache handles the request and sends you to the proper documentroot because of the configuration. You helped me understand this, and I thank you for that. Kudos.

2 Likes

I’m in the process of creating my own proxy to your folder.
But my site uses HSTS and requires a valid cert which has me waiting for global DNS to sync to allow LE to see the new name and IP created for this purpose.
[that was a mouthful]
In a preliminary test (HTTP only), the proxied site still has issues because the links in the top bar don’t get rewritten to the new site name:

2 Likes

Finally spotted that, huh? :upside_down_face: You were moving so fast, I couldn't wait for the dust to settle. Must eat now...

3 Likes

Yeah lol :(. Took me long enough (so hungover).

1 Like

It makes sense that the links all have techmasterdesign.com/groupfinder in them and they need to have groupfinder.cc/ in them. I can look in the forum backend to see if I can change the global URL (usually possible).

2 Likes

GD likes to keep ppl in the dark and do things for them - that keeps them in business.

I like to do (computer related) things by myself for myself.
My DNS and rDNS zones are signed too :slight_smile: [probably don’t know WTF I’m talking about]

3 Likes

I think this may come into play eventually. :smiling_imp:

3 Likes