Error Issuing Certificate via cPanel

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:rcgrs.com

I ran this command: Issue New Certificate, via the cPanel App for Let’s Encrypt

It produced this output:
There was a problem processing your request

The operating system my web server runs on is (include version):
linux
My hosting provider, if applicable, is:
IMHOSTED
I can login to a root shell on my machine (yes or no, or I don’t know):
I don’t know
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
cPanel
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Hi @TristanJLoomis

are your ip addresses correct? See https://check-your-website.server-daten.de/?q=rcgrs.com

Host Type IP-Address is auth. ∑ Queries ∑ Timeout
rcgrs.com A 107.190.135.214 Orlando/Florida/United States (US) - HostDime.com Hostname: ion.dnsprotect.com yes 2 0
A 198.49.72.98 Orlando/Florida/United States (US) - HostDime.com, Inc. Hostname: ion.dnsprotect.com yes 2 0
AAAA yes
www.rcgrs.com CNAME rcgrs.com yes 1 0

Two different ip addresses, but different answers.

Domainname Http-Status redirect Sec. G
http://rcgrs.com/ 107.190.135.214 No GZip used - 6777 / 22336 - 30,34 % possible 200 Html is minified: 205,09 % 0.394 H
small visible content (num chars: 0)
http://rcgrs.com/ 198.49.72.98 200 Html is minified: 100,00 % 0.267 H
small visible content (num chars: 0)
http://www.rcgrs.com/ 107.190.135.214 No GZip used - 6777 / 22336 - 30,34 % possible 200 Html is minified: 205,09 % 0.564 H
small visible content (num chars: 0)
http://www.rcgrs.com/ 198.49.72.98 200 Html is minified: 100,00 % 0.250 H
small visible content (num chars: 0)
https://rcgrs.com/ 198.49.72.98 302 https://rcgrs.com/cgi-sys/suspendedpage.cgi Html is minified: 100,00 % 4.640 N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
https://www.rcgrs.com/ 198.49.72.98 302 https://www.rcgrs.com/cgi-sys/suspendedpage.cgi Html is minified: 100,00 % 4.640 N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
https://rcgrs.com/ 107.190.135.214 No GZip used - 6777 / 22336 - 30,34 % possible Inline-JavaScript (∑/total): 6/1723 Inline-CSS (∑/total): 2/3329 200 Html is minified: 205,09 % 4.860 A
small visible content (num chars: 0)
https://www.rcgrs.com/ 107.190.135.214 No GZip used - 6777 / 22336 - 30,34 % possible Inline-JavaScript (∑/total): 6/1723 Inline-CSS (∑/total): 2/3329 200 Html is minified: 205,09 % 4.764 A
small visible content (num chars: 0)

The 198 + https has a redirect to a suspended cPanel page. But creating a screenshot works, there is not 0 bytes content, instead, there is a normal website with a valid certificate visible.

Looks like you have changed your ip address but the old ip isn’t removed. So Letsencrypt may has checked the wrong ip address.

1 Like

That’s very odd, how on Earth could there be another copy out there with a different non-certified IP? Is there any way I can fix this or do I need to have someone from GoDaddy help me? I am using a shared IP from them.

This looks to me to be a misconfiguration by your web host, not something that GoDaddy could help you with.

Your web host is the one who is advertising the two IP addresses (which happen to both point to the same cPanel server):

$ dig +noall +answer @ion.dnsprotect.com rcgrs.com
rcgrs.com.              14400   IN      A       198.49.72.98
rcgrs.com.              14400   IN      A       107.190.135.214

What’s happening is that your host is saying, “hey, you can find rcgrs.com at these 2 IP addresses”, while at the same time, their webserver is configured to only serve your website from 1 of the IP addresses.

I would get in contact with your host and ask them about this. Link to this thread if you need to, it’s kind of complicated to explain the problem.

Hello all,I have worked up and back down the chain to try and get my issue resolved. I worked with IMHOSTED and they have removed the unnecessary IP from my site, and I have waited well beyond the propagation period, but I am still getting the same error when attempting to Issue an SSL for my rcgrs.com site. I am still seeing the error of a 'Hostname Mismatch" when checking GoDaddy:


I also checked here to try and get more information on my issue: https://globalsign.ssllabs.com/analyze.html?d=rcgrs.com#whyNotTrusted

And I am assuming this has something to do with the Error I get when I attempt to use the Let’sEncrypt app on cPanel:

Here is the image from cPanel failure to issue Let’sEncrypt SSL

The DNS configuration still looks wrong to me.

The correct IP address of your cPanel server is 107.190.135.214. You appear to have removed that IP, when you should have removed the other one (the one left over):

rcgrs.com.              14400   IN      A       198.49.72.98

That would be troubling. I was working off of what cPanel advertised as my IP. How can I tell that the 107.190.135.214 is the correct IP for me to be using? So I can go let the nice IMHOSTED people know that I need to changed again. image

One way to determine what the “true” IP address is can be tested by sending a request to each IP address, and seeing how it reacts.

When we send a request to the correct IP, we get your website (the “Rose City Garden Railway Society”).

curl -i --resolve rcgrs.com:80:107.190.135.214 http://rcgrs.com

(You’ll see the HTML of your real website).

On the other hand, when we send a request to the other (wrong) IP, we get the default cPanel landing page.

curl -i --resolve rcgrs.com:80:198.49.72.98 http://rcgrs.com

(You’ll see some short HTML that redirects you to the cPanel landing page).

The IP address reported in the cPanel user interface is wrong - it doesn’t correlate to how your cPanel server actually behaves. Your host has misconfigured something on their end.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.