My domain is: keligo.com
I ran this command: sudo certbot --apache
At the finish of this section, I include a Summary.
12 domains and specific subdomains were included in my certificate application, two of them being keligo.com and www.keligo.com. But alpha.keligo.com (the FQDN of subject IP address; see DNS “A” record below) not included. That, I think is at the heart of the matter.
It produced this output:
The following errors were reported by the server:
They A records do exist (registrar GoDaddy)
type name value
A @ 220.127.116.11
A alpha 18.104.22.168
– IP for webserver: 22.214.171.124
– Primary domain for Linode web server: packetstacks.com (used to be keligo.com or the FQDN alpha.keligo.com) but changed by ____ when keligo.com was deemed “inactive”.
– DNS records: Just an email address record (email@example.com) and five NS records all to subdomain “packetstacks.com”
I verified the folders/files the certificate were written to /etc/letsencrypt . I don’t know how to interpret their meaning, they just look “official”.
Notwithstanding the problem reported by Certbot, LetsDebug said all domains/subdomains were successful.
At the top of the certificate is “alpha” which I take to be the name of the “Certification name mismatch”.
Four possible reasons were offered. Here are two that seem relevant:
- The website does not use SSL but shares an IP address with some other site that does.
- The domain name is an alias for a website whose main name is different, but the alias was not included in the certificate by mistake. [That would be alpha.keligo.com, and that would be consistent with the fact that I was never offered alpha.keligo.com to include in the certificate.]
WhyNoPadlock reports this:
Tested URL: https://keligo.com
Your SSL certificate does not match your domain name!
Protected Domains: * No Domains Listed
Again, I verified the folders/files the the certificate were written to /etc/letsencrypt .
None of the domains/subdomains work with https.
Summary: Certbot closes with “DNS problem: NXDOMAIN looking up A for www.keligo.com” and those A records do exist. Certificate folder/files generated and stored at /etc/letsencrypt. LetsDebug says all domains are good, no problems. ssllabs says ‘Certificate name mismatch’. Godaddy DNS records for all domains point to 126.96.36.199, the IP address for the web server at Linode. Primary domain at Linode server is packetstacks.com, but that website has not yet been developed and therefore not hosted on the webserver. None of the domains work with https, instead display a waring message.
So (1) what went wrong with what should have been the simplest application possible (not --manual), and (2) what to do now? This is definitely not my area of expertise and hoping to see a straightforward solution.
My web server is (include version): CentOS 7
The operating system my web server runs on is (include version): Apache
My hosting provider, if applicable, is: Linode
I can login to a root shell on my machine (yes or no, or I don’t know): Yes (su and sudo)
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you’re using Certbot): certbot 1.6.0