Certificate on old Server

Wonder if you could help. I have a client who has asked me to host their website. They have redirected the site to my IP and it works fine. I can't issue a certificate for the site and I think this is because the site has one issued already on their old server which they don't have access too. Is there a way around this please?

Thanks,

Mike

Previously issued certificates per se can't obstruct issuance for a new certificate. However, rate limits do apply if too many certificates are issued in a very short time frame. This is however unlikely if your client has only issued one certificate per 60 days, as is the norm.

Could you please share the exact trouble you're running into?

Also, I'm moving your thread to the #Help section, as I believe it's more appropriate there. In that section, you would have been presented with the following questionnaire. Please answer each question to the best of your knowledge or, if you don't know an answer, please mention that:


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Hi @mike100001

there are not enough informations.


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Thanks for the replies.

I have 6 other sites on this server all running Lets Encrypt so I don't think there is a config error. I just tried installing one on a sub domain and it worked fine.

My domain is: type-r-owners.co.uk

I ran this command: requested a certificate through Plesk

It produced this output:

Could not issue an SSL/TLS certificate for type-r-owners.co.uk
Details

Could not issue a Let's Encrypt SSL/TLS certificate for type-r-owners.co.uk . Authorization for the domain failed.

Details

Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/10253927691.

Details:

Type: urn:ietf:params:acme:error:connection

Status: 400

Detail: Fetching https://type-r-owners.co.uk/.well-known/acme-challenge/7V7RRmWAB6YMBFx64-be9dHw5Flj-K_08KIYQl82bCM: Error getting validation data

My web server is (include version): 1 and 1 VPS

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is: 1 and 1

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Plesk Obsidian 18.0.32

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Not sure

type-r-owners.co.uk has an AAAA DNS resource record set for IPv6. That address isn't functioning:

osiris@erazer ~ $ curl -Lkv6 http://type-r-owners.co.uk/.well-known/acme-challenge/7V7RRmWAB6YMBFx64-be9dHw5Flj-K_08KIYQl82bCM
*   Trying 2a02:2b90:300::1337:80...
* connect to 2a02:2b90:300::1337 port 80 failed: No route to host
* Failed to connect to type-r-owners.co.uk port 80: No route to host
* Closing connection 0
curl: (7) Failed to connect to type-r-owners.co.uk port 80: No route to host
osiris@erazer ~ $ 

The Let's Encrypt validation server prefers IPv6. Please fix the IPv6 connectivity to that host or, if that's not possible, remove the AAAA DNS record.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.