Creating cert before domain migrated

I will be migrating prestogem.com to my new host. I have setup prestonew.com on it already for testing and am already using a letsencrypt ssl cert. I tried to add prestogem.com to the cert now (so I can test nginx.conf with single server block that supports both domain names). It failed with the error below. Is there anyway I can create the new cert & do the testing I want prior to migrating prestogem.com?


It produced this output:
DNS-based validation failed : Neither DNS zone prestogem.com or any of its sub-domains exist on this system

My domain is:prestonew.com

I ran this command: webmin's Request Cert

My web server is (include version): nginx 20

The operating system my web server runs on is (include version): centos 7

My hosting provider, if applicable, is: hostwinds

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): webmin

Hi @sethscohen, welcome to the LE community forum :slight_smile:

You are correct to be using DNS validation to obtain a cert for a domain that does not yet resolve to the IP of that new server.
Unfortunately, the two domains are using very different DNS systems and may not be able to be combined via the same DNS plugin.

prestogem.com   nameserver = ns1.railsplayground.net
prestogem.com   nameserver = ns25.railsplayground.net

prestonew.com   nameserver = mdns7.hostwindsdns.com
prestonew.com   nameserver = mdns8.hostwindsdns.com

If you can do them individually, you might be able to get them validated and then request a cert with both names on it.
OR
Just use them separately with individual certs.

Sure, but that's not the issue. For testing, I will put prestogem.com in my /etc/hosts on the new host and on my development system. The real prestogem.com and its dns will not be affected/involved until the actual migration.

The sole issue here is getting past the verification test... which is conceptually okay because I own both prestogem & prestonew.

OK...but:
HTTP validation requires the ACME client to be at the IP resolved form the FQDN.
[you can't possibly be at two IPs at the same time]
DNS validation requires the DNS server to be updated.
[this can be done from anywhere - but to be automated, must be supported by the DNS Service Provider (DSP)]

That fact that you own the domain doesn't pass the required proof test.
These domain validations aren't being done by your domain registrar - LOL
[that would surely be a lot easier to prove to them - but certainly NOT for FREE]

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.