Failed authorization procedure. (tls-sni-01):

app.re-roadmap.com is some sort of Google web server. On HTTP, it returns a redirect to http://159.203.124.184/ (a DigitalOcean IP). It doesn’t support HTTPS.

$ mhost app.re-roadmap.com.
app.re-roadmap.com.    (unsigned)  3600  CNAME  ghs.googlehosted.com.
ghs.googlehosted.com.  (unsigned)  300   A      216.58.193.179
ghs.googlehosted.com.  (unsigned)  300   AAAA   2607:f8b0:4002:812::2013

You need an actual A record with your actual DigitalOcean IP address if you want to use TLS-SNI-01 validation (or if you want to put a website there).

HTTP-01 validation (like with the webroot plugin) would work despite the Google redirect service, but TLS-SNI-01 won’t.

It sounds like the subdomain is some sort of “URL forward” or something at the DNS provider. It should be a normal A record.

@mnordhoff, thanks for thinking of this. I noticed the ghs.googlehosted.com part last week but I didn’t notice that @ktys1 said it was supposed to be hosted on DigitalOcean. I guess in the future I need to check explicitly whether the hosting provider that I see in tests is the same hosting provider that the user expects to be using. :slight_smile:

I completely agree with @mnordhoff’s diagnosis and think that accounts for 100% of the problems here!

If I understand the documentation correctly, running certbot out of the box does require 443, and it needs the --preferred-challenges option to override it. Is this correct? Also, nginx does not seem to support the http-01 plugin.

Hey Everybody on this thread - sorry I dropped out for a week, but in fact the Google “forwarding” process, which was the service requested for our DNS, that @mnordhoff identified, would not work with the standard cert process, so we switched to a full DNS mode rather than forwarding, and everything seems to work as expected now.

Thanks a lot for once again working through a difficult setup issue.

I'm glad you were able to solve it. :slightly_smiling_face:

For posterity, though, on second thought:

That? Wrong. :sweat: As a design decision, the validator won't follow redirects to IP addresses. http://any-website.example.com/? Yes. http://159.203.124.184.xip.io/? Also yes. (It's a real domain.) http://159.203.124.184/? Noo.
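The two lessons of this thread (the name must resolve to the server you actually control, and an HTTP redirect to a bare IP address will not be followed) can be turned into a small pre-flight check. The following is an added example, not code from the original posts and not Certbot's or Let's Encrypt's own validator; the record set mirrors the mhost output above, and the expected IP and redirect target are constructed to reproduce the situation described. The CNAME walker and the redirect rule are my own simplifications of what the real validator does.

```python
"""Pre-flight checks modelled on the diagnosis in this thread.

Added example: not part of the original forum posts and not Certbot's or
Let's Encrypt's code. Records, expected IP and redirect target are constructed.
"""
import ipaddress
from urllib.parse import urlsplit

# Constructed record set (owner, rrtype, value), mirroring the mhost output.
RECORDS = [
    ("app.re-roadmap.com.", "CNAME", "ghs.googlehosted.com."),
    ("ghs.googlehosted.com.", "A", "216.58.193.179"),
    ("ghs.googlehosted.com.", "AAAA", "2607:f8b0:4002:812::2013"),
]


def resolve_addresses(records, name, max_hops=8):
    """Follow CNAMEs in a constructed record set; return the final address set."""
    name = name if name.endswith(".") else name + "."
    for _ in range(max_hops):
        cnames = [v for (n, t, v) in records if n == name and t == "CNAME"]
        if not cnames:
            break
        name = cnames[0]
    else:
        raise ValueError("CNAME chain too long")
    return {v for (n, t, v) in records if n == name and t in ("A", "AAAA")}


def redirect_target_is_followable(location):
    """Rule from the thread: a redirect to a hostname is followed, a redirect
    whose host is a bare IPv4/IPv6 literal is not (a hostname such as
    159.203.124.184.xip.io still counts as a hostname)."""
    host = urlsplit(location).hostname
    if host is None:
        return False
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return True   # not parseable as an IP literal, so it is a hostname
    return False      # bare IP literal


def preflight(records, name, expected_ip, redirect_location=None):
    """Return a list of problems that would stop validation from succeeding."""
    problems = []
    addrs = resolve_addresses(records, name)
    if expected_ip not in addrs:
        problems.append(
            f"{name} resolves to {sorted(addrs)}, not the expected server "
            f"{expected_ip}; tls-sni-01 would be answered by the wrong host")
    if redirect_location is not None and not redirect_target_is_followable(redirect_location):
        problems.append(
            f"redirect to {redirect_location} would not be followed for "
            "http-01; redirect to a hostname instead")
    return problems


if __name__ == "__main__":
    for p in preflight(RECORDS, "app.re-roadmap.com",
                       "159.203.124.184", "http://159.203.124.184/"):
        print("problem:", p)
```

Running it against the constructed records reports both problems; replacing the CNAME with an A record pointing at the DigitalOcean IP, as the thread concludes, leaves the list empty.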
