My domain is: www.kedrikwinterwolf.com
I ran this command: tried to go to /certbot.php
It produced this output: 404 error, nginx/1.24.0
My web server is (include version): cpanel 118, Apache 2.4.61
The operating system my web server runs on is (include version): linux + perl
My hosting provider, if applicable, is: namecheap
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): yes 118.0.12
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certsage 1.4.2
1 Like
Welcome to the Let's Encrypt Community!
I'm the author of CertSage.
I couldn't reach certsage.php.
Did you follow the installation instructions here?
It looks like you have different certificates installed for kedrikwinterwolf.com versus www.kedrikwinterwolf.com.
3 Likes
If the info that @griffin posted does not resolve your problem can you explain how you have CloudFront setup for your www subdomain?
Your registered domain points directly to a LiteSpeed server (not Apache). Could that be some sort of parking page at a hosting service?
Your www domain uses AWS CloudFront which will require some care to get a certificate for your origin. It looks like your origin server for this is nginx (not Apache).
I don't want to get too far involved with CloudFront if we don't understand your requirements properly. But, some nginx system would interfere with an ACME HTTP Challenge request.
An nginx system redirects the original HTTP request to HTTPS (this is okay but not optimal). Following that redirect you redirect again by modifying the URI into all lowercase.
This is not okay and will cause 404 authentication failures.
curl -i https://www.kedrikwinterwolf.com/.well-known/acme-challenge/TEST404test
HTTP/2 302
location: https://www.kedrikwinterwolf.com/.well-known/acme-challenge/test404test
5 Likes
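The check described in the post above, as an added example that is not part of the original thread: it compares the path in a redirect's Location header with the path that was requested, because an ACME HTTP-01 token is case-sensitive. The function names and the second sample response are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (function names are hypothetical, not part of CertSage or certbot).
# An ACME HTTP-01 token is case-sensitive: a redirect may change scheme or host,
# but a hop that rewrites the path makes the validation request end in a 404.

# Response headers quoted in the post above (the lowercasing redirect).
SAMPLE_LOWERCASED='HTTP/2 302
location: https://www.kedrikwinterwolf.com/.well-known/acme-challenge/test404test'

# Constructed sample: an HTTP-to-HTTPS redirect that keeps the path intact.
SAMPLE_PRESERVED='HTTP/1.1 301 Moved Permanently
Location: https://www.example.com/.well-known/acme-challenge/TEST404test'

# location_path HEADERS: print the path of the Location header (empty if none).
location_path() {
    printf '%s\n' "$1" | tr -d '\r' |
        awk 'tolower($1) == "location:" { print $2; exit }' |
        sed -E 's#^[A-Za-z][A-Za-z0-9+.-]*://[^/]*##'
}

# check_challenge_redirect REQUEST_PATH HEADERS
# Returns 0 when there is no redirect or the path survives byte for byte,
# 1 when the redirect target path differs from the requested one.
check_challenge_redirect() {
    new_path=$(location_path "$2")
    [ -z "$new_path" ] || [ "$new_path" = "$1" ]
}

REQ='/.well-known/acme-challenge/TEST404test'
for name in SAMPLE_LOWERCASED SAMPLE_PRESERVED; do
    eval "headers=\$$name"
    if check_challenge_redirect "$REQ" "$headers"; then
        echo "$name: path preserved"
    else
        echo "$name: path rewritten to $(location_path "$headers")"
    fi
done

# Live use: check_challenge_redirect "$REQ" "$(curl -sS -o /dev/null -D - "https://HOST$REQ")"
```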
Hey thank you for the welcome and the quick reply!
I did follow the instructions and the file is renamed to *.PHP in the public folder as instructed.
Do I need to remove the current ssl certs before it will work? They expire in 15 days.
As to why there are different certificates installed I have no idea. I'm tech capable but not savvy in the nitty gritty.
I'm on namecheap basic hosting, using cpanel. I believe the redirect to www is managed on cpanel as well (versus their account interface managed redirect) so maybe I did something wrong there.
1 Like
Hey thank you for coming to help. I'm sure my sites aren't configured well or properly. I just gave info from the "server info" tab on cpanel. It says apache is there but it also says nginx elsewhere...
Regarding the redirects I remember when I set them up that it was finicky and I can't recall why. I had to go into cpanel and force the www redirects there.
On top of that I'm using systeme.io to build the sites so I am sure there's extra weirdness coming from that?
I also at one point tried to do the redirects using cloud flare and I thought I removed the DNS records after I gave up but maybe I didn't? Shoot.
1 Like
AWS CloudFront not Cloudflare
But, yes, start with your DNS and review that both your registered domain and www subdomain point to the same place. Except for very unusual cases that's best.
NameCheap have a URL Redirect service in their DNS panel. Make sure that is disabled so you have A records pointing directly to your IPv4 public IP. And, AAAA records if you have IPv6 support.
5 Likes
I was originally advised to redirect the non www to the www and the www to my site.
Sounds like that's not ideal.
Could that be causing the certsage issue?
The NameCheap URL Redirect service will not work with HTTPS (only with HTTP). So, once you start using certs and HTTPS you must stop using that service. It is really a relic from a long-ago era.
You must get your DNS sorted out first.
There is an HTTP / HTTPS redirect (usually a 301 or 302) that a server like Apache or nginx can do but your DNS needs to correctly point directly to your server to even begin to discuss that.
Yes, if your DNS does not lead towards the server you ran CertSage on it won't work.
4 Likes
Ok. I had to retrace my steps.
My domains are held on namecheap, which I have "hosting service" for so that I can use the cpanel which I vaguely remember was how I was told to get around the https redirects issue you mentioned. But I host my site and build on systeme.io
So kedrikwinterwolf.com redirects to www.kedrikwinterwolf.com,
and that directs over to cloudfront, which is the server for systeme.io.
The redirect is a 301 in the cpanel.
Soooo....
If there's an easier way to do all this I'd love that, but I feel like every time I try to fix it it gets broken....
I just want non-www redirected to www which cnames over to systeme/cloudfront.
The struggle is real. Thank you for your patience.
1 Like
If your www name works as you wish can't you just set the DNS for your registered domain to the same IP addresses as you have for www?
That's the normal way.
Specifically, why doesn't this DNS
dig +noall +answer A kedrikwinterwolf.com
kedrikwinterwolf.com. 154 IN A 67.223.118.146
There are no AAAA addresses
Look like this? Can't you just add kedrikwinterwolf.com to the "Alternative Domain Names" in your CloudFront distribution Settings?
dig +noall +answer A www.kedrikwinterwolf.com
www.kedrikwinterwolf.com. 43 IN CNAME dkq8pwaih2611.cloudfront.net.
dkq8pwaih2611.cloudfront.net. 43 IN A 52.85.151.72
dkq8pwaih2611.cloudfront.net. 43 IN A 52.85.151.45
dkq8pwaih2611.cloudfront.net. 43 IN A 52.85.151.128
dkq8pwaih2611.cloudfront.net. 43 IN A 52.85.151.78
dig +noall +answer AAAA www.kedrikwinterwolf.com
www.kedrikwinterwolf.com. 36 IN CNAME dkq8pwaih2611.cloudfront.net.
dkq8pwaih2611.cloudfront.net. 60 IN AAAA 2600:9000:201e:3e00:9:bb19:140:93a1
dkq8pwaih2611.cloudfront.net. 60 IN AAAA 2600:9000:201e:4e00:9:bb19:140:93a1
dkq8pwaih2611.cloudfront.net. 60 IN AAAA 2600:9000:201e:7000:9:bb19:140:93a1
dkq8pwaih2611.cloudfront.net. 60 IN AAAA 2600:9000:201e:7600:9:bb19:140:93a1
dkq8pwaih2611.cloudfront.net. 60 IN AAAA 2600:9000:201e:7e00:9:bb19:140:93a1
dkq8pwaih2611.cloudfront.net. 60 IN AAAA 2600:9000:201e:a600:9:bb19:140:93a1
dkq8pwaih2611.cloudfront.net. 60 IN AAAA 2600:9000:201e:b200:9:bb19:140:93a1
dkq8pwaih2611.cloudfront.net. 60 IN AAAA 2600:9000:201e:cc00:9:bb19:140:93a1
3 Likes
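The comparison made in the post above, as an added example that is not part of the original thread: it follows the CNAME chain in `dig +noall +answer` output and reports whether two names end at the same addresses, which decides which server has to answer the ACME challenge for each name. The function names are assumptions; the sample records are the ones quoted in the post.

```shell
#!/bin/sh
# Added example (function names are hypothetical). A certificate for a name can
# only be validated by the server that name actually resolves to, so the apex
# and www must be checked separately when their DNS answers differ.

# Records copied from the dig output in the post above.
APEX_ANSWER='kedrikwinterwolf.com. 154 IN A 67.223.118.146'
WWW_ANSWER='www.kedrikwinterwolf.com. 43 IN CNAME dkq8pwaih2611.cloudfront.net.
dkq8pwaih2611.cloudfront.net. 43 IN A 52.85.151.72
dkq8pwaih2611.cloudfront.net. 43 IN A 52.85.151.45
dkq8pwaih2611.cloudfront.net. 43 IN A 52.85.151.128
dkq8pwaih2611.cloudfront.net. 43 IN A 52.85.151.78'

# final_addrs NAME DIG_ANSWER: follow CNAMEs from NAME, print its addresses sorted.
final_addrs() {
    printf '%s\n' "$2" | awk -v start="$1." '
        $4 == "CNAME"             { cname[tolower($1)] = tolower($5) }
        $4 == "A" || $4 == "AAAA" { addr[tolower($1)] = addr[tolower($1)] " " $5 }
        END {
            name = tolower(start)
            # Bounded walk so a CNAME loop cannot hang the script.
            for (i = 0; i < 10 && (name in cname); i++) name = cname[name]
            n = split(addr[name], a, " ")
            for (i = 1; i <= n; i++) print a[i]
        }' | sort
}

# same_destination NAME1 ANSWER1 NAME2 ANSWER2: 0 if both address sets match.
# CDN answers rotate between queries, so treat a mismatch on live data as a
# prompt to look closer rather than as proof.
same_destination() {
    [ "$(final_addrs "$1" "$2")" = "$(final_addrs "$3" "$4")" ]
}

if same_destination kedrikwinterwolf.com "$APEX_ANSWER" \
                    www.kedrikwinterwolf.com "$WWW_ANSWER"; then
    echo "apex and www resolve to the same addresses"
else
    echo "apex and www are served by different hosts:"
    echo "  apex: $(final_addrs kedrikwinterwolf.com "$APEX_ANSWER" | tr '\n' ' ')"
    echo "  www:  $(final_addrs www.kedrikwinterwolf.com "$WWW_ANSWER" | tr '\n' ' ')"
fi
```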
I don't to my knowledge have access to the cloudfront settings, systeme.io is the service I pay for, and they manage the cloudfront.
In the systeme dashboard, when I attach a custom domain (www.kedrikwinterwolf.com) it does not accept non-www and there are no settings in the www version to do as you've said.
That said I will contact their support and find out if it's possible to access the cloudfront distribution settings.
1 Like
What I describe is exactly how I have one of my own servers setup. Although, that is just directly using CloudFront and not working with a 3rd party service. (*1)
It seems strange that they wouldn't offer an option to handle both domain names. They look like a full-service hosting provider.
You can't CNAME from a registered domain (DNS does not allow) but you could explicitly list the CloudFront IPs for it. Maybe that's why they don't want you doing that as they would need to keep you informed if they / CloudFront made changes. You could try it and see what happens.
It seems unnecessarily complex to run an entire web service just to redirect HTTP and HTTPS requests for a single domain name to another.
(*1) Also, using Route53 is far easier for CloudFront as you can point those domain names to your CloudFront distribution and Route53 figures out the A / AAAA records for you. You don't have to use Route53 it is just easier.
4 Likes
I agree, Systeme does everything else, but it does have limits. An underdog trying to defeat the likes of kartra and clickfunnels.
This is the error I get when I try to add a non-www,
And there are no other settings I can access of significance.
I agree. I thought it a bit of a sloppy hack. I also realize that I probably don't need https redirects for the non-www (www.cedricwinterwolf.com also goes to www.kedrikwinterwolf.com and has the same 301s).
I am wondering if I should simplify it way down, but that would require using the antiquated namecheap redirect you mentioned being no good... so.... Sort of stuck?
I think this is what I was at one point trying to do with cloudflare but I got stuck and I can't recall why?
End of the day it's a bit of a mess and I should probably have someone redo all my DNS for me to clean it up. There are old records in there that I am sure are not necessary.
We'll see what the Systeme technician says, but it seems like if I want to keep using them to build my sites (which I do) that I may be stuck paying for SSLs through namecheap.
I'll report back once I hear anything.
There are potential other free options.
1 Like
Alright, stepping back and reviewing I think I understand the problem better.
I still don't know why systeme . io can't support the names directly.
But, let's nevermind that. You described an Apache server in post #1 but your DNS for your root name is handled by a LiteSpeed server.
Is this LiteSpeed what you are paying for at NameCheap? It uses a Sectigo cert.
And, are you trying to replace that with an Apache server and a Let's Encrypt cert?
Because HTTP and HTTPS redirects look to be working properly right now.
curl -I http://kedrikwinterwolf.com
HTTP/1.1 301 Moved Permanently
server: LiteSpeed
location: https://kedrikwinterwolf.com/
curl -I https://kedrikwinterwolf.com
HTTP/2 301
server: LiteSpeed
location: https://www.kedrikwinterwolf.com/
curl -i https://www.kedrikwinterwolf.com
HTTP/2 200
server: nginx/1.24.0
via: 1.1 ffa4b37ccdc94a8c62bf6b6414725210.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
3 Likes
I saw these. It seems like any way I go there is eventually going to be fees, on top of managing the certs myself. I thought letsencrypt was going to save me...
1 Like
Let's Encrypt certs are free but if you need a server to redirect your root domain name to systeme then you have to run that somehow / somewhere.
4 Likes
Oh I may have inadvertently added the apache info because I saw it on the cpanel info.
I'm not trying to switch to apache, simply get SSL certificates installed.
Funny that the HTTP and HTTPS redirects look to be working properly now, I redid a DNS record and a redirect but they're exactly as they were before...
No idea where the litespeed is, but I assume you're correct that it's namecheap hosting. I bought the cheapest one, Stellar, just to handle this DNS disaster https://www.namecheap.com/hosting/shared/
Then it will be hard to get a cert for it
Even if you got a cert you need to configure LiteSpeed to use it. Or, replace LiteSpeed with Apache and configure Apache to handle requests to your root domain.
You probably need to ask some pointed questions of NameCheap support
I haven't used NameCheap personally for many years. And, we do see it often on this forum. But, I am no expert on all their offerings.
That all said, I still think you should talk with systeme . io people. This can't be an unusual thing for them to support or to give advice about.
3 Likes