Domain resolving to incorrect IP

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: minlandmachine.com

I ran this command: Ran through cPanel

It produced this output: 9:10:46 AM WARN Local HTTP DCV error (minlandmachine.com): The system queried for a temporary file at “http://minlandmachine.com/.well-known/acme-challenge/NXIYIZOGIQ1_1-A3F428LBI5XPGJ7_2N”, but the web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist. The domain “minlandmachine.com” resolved to an IP address “174.127.110.198” that does not exist on this server.

My web server is (include version): Apache 2.4

The operating system my web server runs on is (include version): CentOS Linux 7

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): cPanel v100.0.2

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Looks like the domain is resolving incorrectly on the LetsEncrypt side. The server IP Address is not correct in the error message.

Hi @DOJOCreative and welcome to the LE community forum :slight_smile:

Although I'm pretty sure that the Apache configuration may be to blame, we have to be careful what is changed outside of cPanel's control. All things should have been able to have been managed that way.
To that point, have any changes been made outside of cPanel (like in the last 60 days)?

Sorry, I just missed the obvious (TITLE).
Is that IP ("174.127.110.198") incorrect?

EDIT: It seems like it is correct

echo | openssl s_client -connect minlandmachine.com:443 | head
depth=0 CN = minlandmachine.com
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = minlandmachine.com
verify return:1
CONNECTED(00000005)
DONE
---
Certificate chain
 0 s:CN = minlandmachine.com
   i:CN = minlandmachine.com
---

OK I see the problem.
Global DNS is out of sync with your domain servers:

nslookup minlandmachine.com 8.8.8.8
Name:    minlandmachine.com
Address: 23.238.35.10

nslookup minlandmachine.com dns1.midphase.com
Name:    minlandmachine.com
Address: 174.127.110.198

It seems both IPs are somehow associated with your domain:

echo | openssl s_client -connect 23.238.35.10:443 -servername minlandmachine.com| head
depth=0 CN = minlandmachine.com
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = minlandmachine.com
verify return:1
DONE
CONNECTED(00000005)
---
Certificate chain
 0 s:CN = minlandmachine.com
   i:CN = minlandmachine.com
---
echo | openssl s_client -connect 174.127.110.198:443 -servername minlandmachine.com| head
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = webdisk.minlandmachine.com
verify return:1
DONE
CONNECTED(00000005)
---
Certificate chain
 0 s:CN = webdisk.minlandmachine.com
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
---

DNS takes time to sync.

What the "world" sees now:

nslookup -q=soa minlandmachine.com 8.8.8.8
minlandmachine.com
        primary name server = dns1.midphase.com
        serial  = 2014071101
        refresh = 14400 (4 hours)
        retry   = 7200 (2 hours)

What your DNS servers have now:

nslookup -q=soa minlandmachine.com dns1.midphase.com
minlandmachine.com
        primary name server = dns1.midphase.com
        serial  = 2021100103
        refresh = 14400 (4 hours)
        retry   = 7200 (2 hours)

You may have to wait until all systems are at version 2021100103.

2 Likes
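
An added example, not part of the thread or any poster's own tooling: a shell helper that repeats the nslookup comparison above, collecting the A record and SOA serial from each listed server and flagging a split view. It assumes `dig` is installed; the function names `query`, `dns_view` and `check_consistency` are hypothetical.

```shell
#!/bin/sh
# Added example: compare the A record and SOA serial that several DNS servers
# return for one domain, so a stale or split view shows up in one run.

# query SERVER TYPE NAME: one lookup against one server. Kept separate so it
# can be replaced with canned answers for offline testing.
query() {
    dig +short +time=3 +tries=1 "@$1" "$3" "$2"
}

# dns_view SERVER DOMAIN: prints "A=<sorted,addresses> serial=<SOA serial>".
dns_view() {
    local server domain addrs serial
    server="$1"; domain="$2"
    # Keep only IPv4 lines (dig +short may also print CNAME targets).
    addrs=$(query "$server" A "$domain" | grep -E '^[0-9.]+$' | sort | paste -sd, -)
    # In dig +short SOA output the serial is the third field.
    serial=$(query "$server" SOA "$domain" | awk 'NR==1 {print $3}')
    printf 'A=%s serial=%s\n' "${addrs:-none}" "${serial:-none}"
}

# check_consistency DOMAIN SERVER SERVER...: prints every server's view.
# Returns 0 if all views match, 1 if they differ, 2 on a usage error.
check_consistency() {
    local domain server view first rc
    domain="$1"; first=""; rc=0
    shift
    [ "$#" -ge 2 ] || { echo "need at least two servers" >&2; return 2; }
    for server in "$@"; do
        view=$(dns_view "$server" "$domain")
        printf '%-22s %s\n' "$server" "$view"
        [ -n "$first" ] || first="$view"
        [ "$view" = "$first" ] || rc=1
    done
    [ "$rc" -eq 0 ] || echo "MISMATCH: servers disagree about $domain" >&2
    return "$rc"
}

# Run only when arguments are given: DOMAIN followed by the servers to ask.
if [ "$#" -ge 1 ]; then
    check_consistency "$@"
fi
```

Pass the domain first and then every resolver and name server to compare, for example a public resolver plus each name server the registry delegates to. A non-zero exit status means the servers do not agree yet.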

And the plot thickens!

Global DNS shows:

nslookup -q=ns minlandmachine.com a.gtld-servers.net.
minlandmachine.com      nameserver = ns14.midphase.com
minlandmachine.com      nameserver = ns15.midphase.com
minlandmachine.com      nameserver = ns16.midphase.com

But somehow parts of the Internet see:

nslookup -q=ns minlandmachine.com 8.8.8.8
minlandmachine.com      nameserver = dns1.midphase.com
minlandmachine.com      nameserver = dns2.midphase.com

Talk with your DNS Service Provider (DSP) about this problem - they should be able to help or direct you with it.

2 Likes

It's also interesting to note that 23.238.35.10 as well as 174.127.110.198 serve a certificate for minlandmachine.com, but the former uses a self-signed certificate and the latter uses a Let's Encrypt certificate.

Might be useful to know which IP address is actually correct.

3 Likes

That depends on who you ask.
ns14, ns15, ns16 say one thing (timestamped 2021).
dns1, dns2 say another thing (timestamped 2014).

My suggestion is to ask OP instead of the DNS servers. I'm sure OP knows what IP address the server has :wink:

2 Likes

Correct IP should be 23.238.35.10. The dns1 and dns2 servers should no longer be active on the domain. They aren't showing on the whois record and are not part of the registrar listed servers either. I'll put in a ticket at the registrar.

2 Likes
