Finding full SSL certificate for SquareSpace site

I’m attempting to install Red5Pro Server on my home machine and live-stream shows to a SquareSpace website on a WebRTC stream. WebRTC requires an SSL certificate for the server.

  1. The domain (krayvankirk.com) already has an SSL as part of the standard SquareSpace security process (SqS uses letsencrypt);

  2. Attempting to run

$ sudo ./certbot-auto certonly --standalone --email kvk@krayvankirk.com --agree-tos -d ssl.krayvankirk.com

on my home machine (Ubuntu 16.04) on which the Red5Pro Server instance is installed returns

Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ssl.krayvankirk.com
Waiting for verification…
Challenge failed for domain ssl.krayvankirk.com
http-01 challenge for ssl.krayvankirk.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: ssl.krayvankirk.com
    Type: dns
    Detail: DNS problem: NXDOMAIN looking up A for ssl.krayvankirk.com

    • check that a DNS record exists for this domain;
  1. The DNS and A records for the domain are all fine and functioning. I am assuming this return has something to do with either a) running this remotely from a machine not on the domain server network (i.e. my local machine and not a formal server on the SqS backbone; or b) replicating an SSL for a domain already possessed of a letsencrypt SSL cert.

  2. Where is the full SSL certificate information stored? SqS says this is beyond their support scope, and it’s certainly not on my local machine, but I need to include it in some of the Red5Pro-Server files on my local machine to allow WebRTC streaming outside my local network;

5e#1ccc - I might be completely full of crap thinking that this can be implemented at all.

1 Like

The A record for ssl.krayvankirk.com has to be visible to everyone.

You need to login to NS1 and create it there.

Otherwise, Let’s Encrypt doesn’t actually know whether you control the domain, and can’t issue you a certificate.

2 Likes

Hmmm… okay - thanks for that.

The DNS and associated CNAME etc. are all handled and registered through SquareSpace. Does that mean I should create ssl.krayvankirk.com as a subdomain and create the A record? If I tried to do it NS1, wouldn’t it simply return an error, as the domain is already created and registered elsewhere?

1 Like

I hadn’t realized that NS1 is the DNS provider for Squarespace. You can disregard my last post.

On the bright side, I can see the DNS record for ssl.krayvankirk.com now.

If you want to host a WebRTC server on your home Ubuntu server, I think you would want to point the subdomain towards your home connection, right? So that when somebody visited https://ssl.krayvankirk.com in browser, it’d connect directly to your Ubuntu machine’s Red5Pro Server?

At the moment you have a CNAME towards Squarespace’s servers, which wouldn’t have the above effect. You’d instead need to use an A record towards your home IP address, and then setup port forwarding so that connections to port 80 and 443 went to your Ubuntu server on your local network.

1 Like

Now that’s a most excellent idea- thank you!! I hadn’t realized I could do that! That would indeed solve a host of the issues I’ve been encountering in port settings and having to set some very large JS files on GitHub as a CDN. I’d be a tad concerned about security (having people connect directly my home machine) and exceeding local ISP bandwidth but this is definitely an easy way to solve this. Thank you so much!!

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.