--expand is not adding the new domain


#1

My domain is: jeffreyscode.com
I ran this command: certbot --nginx -d jeffreyscode.com -d www.jeffreyscode.com -d api.jeffreyscode.com --expand
It produced this output: Domain: api.jeffreyscode.com Type: unauthorized Detail: Incorrect validation certificate for tls-sni-01 challenge. Requested from [2604:a880:2:d0::9e:b001]:443. Received 2 certificate(s), first certificate had names "jeffreyscode.com, www.jeffreyscode.com" To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
My web server is (include version): nginx 1.10.3 & node 8.1.3
The operating system my web server runs on is (include version): Ubuntu 16.04.3
My hosting provider, if applicable, is: Digital Ocean
I can login to a root shell on my machine (yes or no, or I don’t know): Yes.
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No.

In short, I’ve got some static files being served by nginx - this works perfectly. The site does have the certificates installed and working. However, this nginx instance is also being used as a proxy server to a node.js application. It listens on api.jeffreyscode.com, and this is not working. I can’t seem to get the certificate to issue with the new domain. Is this something I would need to fix in the node.js app? Is it something in nginx? Certbot? Any help that anyone can provide would be much appreciated. Thanks.


#2

“certbot --nginx” doesn’t support IPv6 yet. :frowning:

It’s currently scheduled to be fixed in the next release, I believe.

For now, you can use “certbot certonly --webroot” or do awful hacks to the Nginx config files to make it sort of work.



#3

Just curious, what is the difference between using the nginx plugin and using the --webroot flag? Will that have any major impact on anything, or should it still protect the site in all the needed areas?


#4

The Nginx plugin automatically configures Nginx.

With the webroot plugin, you’d have to configure the certificate and so forth in Nginx yourself. (Only once, though.)

You’d also want to pass --deploy-hook "service nginx reload" or so forth to Certbot.


#5

So for Nginx, what steps would I need to take to configure TLS/SSL? As I currently have the static files secured under the certificate, would anything need to change in regards to that server? Would I just need to edit the proxy server?
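
An added example (not part of the original thread, and not Certbot's or the posters' own configuration) of the manual setup that the webroot approach described in #4 calls for on the proxy host. It assumes a webroot of /var/www/letsencrypt, a node.js app on 127.0.0.1:3000, and a certificate lineage directory named jeffreyscode.com; adjust all three to the real system.

```nginx
# Assumed issuance command (the -w path is an assumption and must match the root below):
#   certbot certonly --webroot -w /var/www/letsencrypt \
#     -d jeffreyscode.com -d www.jeffreyscode.com -d api.jeffreyscode.com \
#     --expand --deploy-hook "service nginx reload"
# The server blocks for the other two names need the same acme-challenge location.

# Port 80: serve ACME challenge files from the webroot, redirect everything else.
server {
    listen 80;
    listen [::]:80;                      # the domain has an AAAA record, so answer on IPv6 too
    server_name api.jeffreyscode.com;

    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;       # assumed webroot
    }
    location / {
        return 301 https://$host$request_uri;
    }
}

# Port 443: terminate TLS in nginx and proxy to the node.js app over loopback.
server {
    listen 443 ssl;
    listen [::]:443 ssl;                 # without this, IPv6 clients get another vhost's certificate
    server_name api.jeffreyscode.com;

    # Assumed lineage directory; check the real name with `certbot certificates`.
    ssl_certificate     /etc/letsencrypt/live/jeffreyscode.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/jeffreyscode.com/privkey.pem;
    ssl_protocols       TLSv1.2;

    location / {
        proxy_pass http://127.0.0.1:3000;   # assumed app port; keep the app bound to loopback
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Run `nginx -t` before reloading. With this layout the node.js app needs no TLS changes of its own, because nginx terminates TLS.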

