GoDaddy redirect to IP

Hello, I am new to the community. I apologize if I did not use the forum properly. I searched and I found posts about servers hosted in GoDaddy and posts on Let’s Encrypt non generating keys for IP addresses, but I did not find out whether or not it is possible to configure SSL for my case:

My domain name is registered with GoDaddy,
it is redirected to myPublicIPaddress:myPortNumber (not 80),
where I run my web server using nginx on Debian.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: web.antonio-art.es

I ran this command: certbot --nginx -d web.antonio-art.es

It produced this output:
IMPORTANT NOTES:

My web server is (include version): nginx 1.10.3

The operating system my web server runs on is (include version): Debian 9 (On Vultr)

My hosting provider, if applicable, is: GoDaddy (domain register, not web server)

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.28.0

1 Like

Welcome to the Let’s Encrypt Community :slightly_smiling_face:

Let’s see what we can do for you… :thinking:

1 Like

web.antonio-art.es (184.168.131.241)
Domain forward from GoDaddy
Hosted on Vultr
Debian 9 with nginx 1.10.3
certbot 0.28.0

I see that web.antonio-art.es has a valid public ip address of 184.168.131.241, which is the ip address for GoDaddy domain forwarding, and that both ports 80 and 443 are open.

Your certbot version (0.28.0) is rather old compared to the current version (1.8.0), but that does not appear to me to be the likely cause of the issue.

I’ll be back a bit later.

This will likely cause you problems:

1 Like

Thank you for your quick answer.

I have web.antonio-art.es redirected to 45.76.32.225:8108

Could this be a problem?

The domain forwarding ip address is serving GoDaddy’s certificate. Since you’re not forwarding your domain to another domain, you’re effectively trying to certify a private webserver hiding behind a public domain forward.

Is there any reason you can’t just set the A record in GoDaddy to point to your actual hosting and serve your content on port 80, which is currently a default nginx instance? After deleting the forward, of course.

1 Like

Back in an hour or so. Someone might pick this topic up in the mean time though

Thanks. I am not familiar with setting the A record in GoDaddy. I will investigate.
Port 80 is open in my Vultr machine, it is just that my nginx server listen to 8108 and does not have a server configured on port 80.

Go to your DNS settings through your GoDaddy account. Delete the forward. Wait an hour. Change your DNS A record to 45.76.32.225. We can go from there.

1 Like

Hi @antonio.filigranas

checking your domain that can't work - see web.antonio-art.es - Make your website better - DNS, redirects, mixed content, certificates

Your ip

Host Type IP-Address is auth. ∑ Queries ∑ Timeout
web.antonio-art.es A 184.168.131.241 Scottsdale/Arizona/United States (US) - GoDaddy.com, LLC Hostname: ip-184-168-131-241.ip.secureserver.net yes 1 0
AAAA yes

is a GoDaddy-ip you don't manage.

And the content is a frame:

http://web.antonio-art.es/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
184.168.131.241 No GZip used - 393 / 416 - 94,47 % possible
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0	200
	
Html is minified: 105,32 %	0.376
	
Visible Content: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> web.antonio-art.es
Info: Html-Content with frame found, may be a problem creating a Letsencrypt certificate using http-01 validation
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <title>web.antonio-art.es</title> 
<meta name="description" content=""> <meta name="keywords" content=""> </head> 
<frameset rows="100%,*" border="0"> <frame src="http://45.76.32.225:8108/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de" frameborder="0" /> </frameset> </html> 

Your A-record must have 45.76.32.225:8108 as value, not that GoDaddy ip address.

Change your A-record, then recheck your domain.

If that looks ok, try it again.

Currently, the wrong ip address is checked.

2 Likes

Thanks for confirming my thoughts @JuergenAuer. :wink:

He must delete the forward first or GoDaddy will give him endless trouble via an undeleteable A record.

1 Like

Thanks a lot. I am afraid I cannot change the A record in GoDaddy. So I must assume what I intended is not possible.

1 Like

You must delete the forward to change the A record.

I did it. Waiting…

1 Like

If this isn't possible, you can't use http validation.

Then you may use dns validation.

See

May be with --manual.

But more critical:

If you can't change the ip, you can't install the certificate.

Because it doesn't work with your frame with ip address.

1 Like

@JuergenAuer

Please, please, please actually read my posts, brother.

@antonio.filigranas

It’s gonna take a bit to clear. GoDaddy can be a snail.

I do not see an A record for web.antonio-art.es in GoDaddy DNS management page.
web.antonio-art.es is a subdomain of antonio-art.es whose A record is @ 184.168.131.241
I do not know how to manually add an A record for web.antonio-art.es.
I feel that this topic is above my abilities and I am afraid to bother you.

It was an A record before. It disappeared after deleting the forwarding, But it was uneditable anyways.

Yep, I see, the web subdomain isn't defined.

May be it's impossible.

Or share a screenshot.

A subdomain web with an A record is required.

PS: You have to create a new subdomain - name: web.

1 Like

Once that A record goes back to parked ip (34.102.136.180) on its own, we can proceed.

@JuergenAuer

I owe you a better explanation. I’ve just been running and posting. Since I know you’ll see this issue again and to save you lots of headache:

When you use the GoDaddy graphic interface to forward a domain, GoDaddy points the A record at a special hosting instance (or maybe cluster) at 184.168.131.241. This allows customers with domains registered with GoDaddy to 301 or 302 forward their domains without having to purchase hosting for them. To “protect” the customer from themselves to keep the graphic interface in sync with the records, GoDaddy makes the A record uneditable. When the user deletes the forward and GoDaddy cleans up the internals, the A record is reverted back either to the known GoDaddy hosting instance (if one exists) or to the parked server (34.102.136.180). At that point, the A record can be modified (though it really should not be modified if there is a GoDaddy hosting instance as that creates other problems). Hopefully this clarifies the situation completely and adds to your extensive knowledge. :slightly_smiling_face:

2 Likes