How do get a certificate for a redirect site?


#1

My domain is:
ekaya.co

I ran this command:
./certbot-auto certonly --webroot -w /srv/rental/public -d s.ekaya.co

It produced this output:
Failed authorization procedure. ekaya.co (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://ekaya.co/.well-known/acme-challenge/tC3dZV2QWM4Vsf3BsLKeOCNh14kjoupxP8gJ0lR9oOA: "<!doctype html>

My operating system is (include version):
Debian Wheezy

My web server is (include version):
Nginx

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No.

Certbot works fine running against our main domain name, e.g.:
./certbot-auto certonly --webroot -w /srv/rental/public -d ekaya.com

But when I try get a certificate for our alternative domain, ekaya.co, it gives the error shown above. How do I get it to work, given that we have this nginx config file redirecting requests from ekaya.co to ekaya.com ?

force http calls to https

server {
server_name ekaya.co;

listen 80;
listen 443;

location = / {
    # Check if a file exists, or route it to index.php.
    rewrite ^ http://www.ekaya.co last;
}

location ~* (/.*) {
    rewrite ^ https://eboard.io$request_uri? last;
}

}

redirect ekaya.co correctly

server {
server_name agent.ekaya.co;

listen 80;
listen 443;

location ~* (/.*) {
    rewrite ^ https://agent.eboard.io$request_uri? permanent;
}

}

redirect s.ekaya.co correctly

server {
server_name s.ekaya.co;

listen 80;
listen 443;

location ~* (/.*) {
    rewrite ^ https://s.eboard.io$request_uri? permanent;
}

}


#2

It should just follow the redirects and work OK, however there does look something odd (or is it just your copy / paste ) in that you use the command

./certbot-auto certonly --webroot -w /srv/rental/public -d s.ekaya.co

yet the error is

Invalid response from http://ekaya.co/.well-known/

so one is the subdomain and the other the domain !!!


#3

Sorry, yes, s. is a forum typo, I was using the correct domain on my actual server. That’s not what is causing the error.


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.