I have changed a domain to another web server and it does not generate a new certificate; for unknown reasons it is activated in another domain of the old server. I run the command /usr/local/bin/certbot-auto --apache, with the following error:
I’ve been trying to fix it for two days. I have deleted all the /etc/letsencrypt/live and /etc/letsencrypt/renewal folders for camerweb and generated a new certificate for camerweb, but the error continues.
Any ideas please, as I intend to move 6 other domains in production to the new server.
Your zone definition is wrong. Read the output of the check:
Fatal: Inconsistency between delegation and zone. The set of NS records served by the authoritative name servers must match those proposed for the delegation in the parent zone.: ns.kimsufi.com (213.186.33.199): Delegation: ns.kimsufi.com,ns381524.ip-91-121-80.eu, Zone: ns.kimsufi.com,ns1.my-ebook.es,ns2.my-ebook.es,ns300398.ip-91-121-31.eu
Adding name servers is wrong if they are not delegated. So your old IP is visible.
Now I don't have them anywhere (I deleted them from the Domain Registrar three days ago). How can I find out who generates them?
The missing “/” in the redirect that you mention means that it must be placed at the end of Redirect permanent / https://my-ebook.es, for example Redirect permanent / https://my-ebook.es/
Fatal: Inconsistency between delegation and zone. The set of NS records served by the authoritative name servers must match those proposed for the delegation in the parent zone.: ns.kimsufi.com (213.186.33.199): Delegation: ns.kimsufi.com,ns381524.ip-91-121-80.eu, Zone: ns.kimsufi.com,ns1.my-ebook.es,ns2.my-ebook.es,ns300398.ip-91-121-31.eu
Fatal: Inconsistency between delegation and zone. The set of NS records served by the authoritative name servers must match those proposed for the delegation in the parent zone.: ns.kimsufi.com (2001:41d0:3:1c7::1): Delegation: ns.kimsufi.com,ns381524.ip-91-121-80.eu, Zone: ns.kimsufi.com,ns1.my-ebook.es,ns2.my-ebook.es,ns300398.ip-91-121-31.eu
OK, in my DNS provider I had not deleted the secondary DNS of my-ebook.es. I have now. Should I wait a while for it to update?
I use BIND to spread the DNS; on the old server I have not had any problem with these DNS:
@ IN NS ns300398.ip-91-121-31.eu.
@ IN NS ns.kimsufi.com.
Now on the new server I have left it like this:
$TTL 38400
@ IN SOA ns381524.ip-91-121-80.eu. jesuscaceres.movistar.es. (
2016062193
10800
3600
604800
38400)
@ IN NS ns381524.ip-91-121-80.eu.
@ IN NS ns.kimsufi.com.
IN PTR my-ebook.es.
my-ebook.es. IN A 213.186.33.199
my-ebook.es. IN A 91.121.80.173
www.my-ebook.es. IN A 91.121.80.173
ftp.my-ebook.es. IN A 91.121.80.173
m.my-ebook.es. IN A 91.121.80.173
localhost.my-ebook.es. IN A 127.0.0.1
webmail.my-ebook.es. IN A 91.121.80.173
admin.my-ebook.es. IN A 91.121.80.173
mail.my-ebook.es. IN A 91.121.80.173
my-ebook.es. IN MX 5 mail.my-ebook.es.
Good news: I have finally managed to solve all the problems, and I am describing here what happened in case someone has the same incident and it helps them solve it.
Regarding DNS (ns1.my-ebook.es, ns300398.ip-91-121-31.eu and ns2.my-ebook.es): in the control panel of my Domain Name Registrar Agent (Dondominio.com) I deleted them and wrote the new ns381524.ip-91-121-80.eu. and ns.kimsufi.com., and they were accepted by the system, but due to some error in their system the change had no effect, so I had to open a ticket with support to report the incident. This morning they corrected it manually and the DNS now propagates normally.
Regarding the slash “/” in Redirect permanent / https://my-ebook.es: in order to obtain the Let’s Encrypt certificate I had to comment out the entire line (#Redirect permanent / https://my-ebook.es) to let it issue the certificate. Once issued (I did it through the command line and Virtualmin) I put that line back, and the test site works perfectly with HTTP2 and HTTPS.