How to delete/change certificate order?


#1

Hello,

I created a wildcard certificate for my sites on sslforfree.com/ and after reading on the forum I found out that I chose the wrong one; I should have selected the one for multidomains/subdomains, and I have no idea how to change that.

This is the TXT code I received and asked my web host to add:

Add TXT record with the name/host
_acme-challenge.lesbricollesdecleo.com
with the value
xY0OZKmSI5XfxZx81qTZ6IJAbuQBfNGaCLUIdGYKnx0
and a TTL (Time to Live) (in seconds) of
1
Add TXT record with the name/host
_acme-challenge.lesbricollesdecleo.ca
with the value
mG83bV4fVCgPu6kMTISTgpfPWQ9y0su6gGOrx2cP4Eg
and a TTL (Time to Live) (in seconds) of
1
Add TXT record with the name/host
_acme-challenge.lesbricoles.com
with the value
zs9Ed-136n8YO4oLtX2ZOHTOGLi5uxU2QXW73Ckm-5U
and a TTL (Time to Live) (in seconds) of
1

The one for the main site had been found:

TXT Record(s) Found. Make sure the value matches the value specified by the instruction for with the domain hostname:

HOST: _acme-challenge.lesbricollesdecleo.com
TTL: 1
TXT: zs9Ed-136n8YO4oLtX2ZOHTOGLi5uxU2QXW73Ckm-5U

HOST: _acme-challenge.lesbricollesdecleo.com
TTL: 1
TXT: xY0OZKmSI5XfxZx81qTZ6IJAbuQBfNGaCLUIdGYKnx0

HOST: _acme-challenge.lesbricollesdecleo.com
TTL: 1
TXT: mG83bV4fVCgPu6kMTISTgpfPWQ9y0su6gGOrx2cP4Eg


But of course the other two won’t because they are addons/subdomains and not main domains.
Looks like I should have put them this way instead:
lesbricollesdecleo.lesbricollesdecleo.com lesbricoles.lesbricollesdecleo.com *.lesbricollesdecleo.com

I tried to order a new certificate with the right information, but when I click on "Manually get the TXT records" I receive this error message:

Error: {"type":"urn:ietf:params:acme:error:malformed","detail":"Error creating new order :: Domain name \"lesbricoles.lesbricollesdecleo.com\" is redundant with a wildcard domain in the same request. Remove one or the other from the certificate request.","status":400}

I know it’s because I already got the following for my main site:

TXT Record(s) Found. Make sure the value matches the value specified by the instruction for with the domain hostname:

HOST: _acme-challenge.lesbricollesdecleo.com
TTL: 1
TXT: zs9Ed-136n8YO4oLtX2ZOHTOGLi5uxU2QXW73Ckm-5U

HOST: _acme-challenge.lesbricollesdecleo.com
TTL: 1
TXT: xY0OZKmSI5XfxZx81qTZ6IJAbuQBfNGaCLUIdGYKnx0

HOST: _acme-challenge.lesbricollesdecleo.com
TTL: 1
TXT: mG83bV4fVCgPu6kMTISTgpfPWQ9y0su6gGOrx2cP4Eg

So I sent two emails to support at sslforfree.com but didn’t get any answer yet, and it’s been 4 days now; I believe they are very busy. So I asked my web host to delete the TXT record they added for me, thinking that it might help to delete the certificate order, but it didn’t, because I still cannot create a new one.

Can someone please tell me how I can fix that, or how/where I can delete the order to be able to create a new one?

Regards,

Monique-Cleo


#2

Hi,

Could you please share with us the “exact set” of domains you are trying to obtain a certificate for?

Is it:
lesbricollesdecleo.com, *.lesbricollesdecleo.com, lesbricollesdecleo.ca, *.lesbricollesdecleo.ca, lesbricoles.com, *.lesbricoles.com? (three domains with all first-level subdomains?)

Thank you


#3

Hello, thank you for replying,

I believe it’s:
lesbricollesdecleo.lesbricollesdecleo.com lesbricoles.lesbricollesdecleo.com *.lesbricollesdecleo.com

Because the last one: lesbricollesdecleo.com is my main site and the other 2 (lesbricoles.com and lesbricollesdecleo.ca) are addon domains.

I have multi-site with opencart platform.

Regards,

Monique-Cleo


#4

There’s no such thing as deleting an order. Just abandon your original order.

Feel free to remove all the existing TXT records, they don’t matter anymore, but it also doesn’t matter if they stay.

You just need to start again from scratch, and make sure not to overlap any domains.

For example, if you want these domains:

  • lesbricoles.lesbricollesdecleo.com
  • lesbricollesdecleo.com
  • *.lesbricollesdecleo.com

Do not include the first domain, because it is overlapped by (made redundant by) the third domain. So just include:

  • lesbricollesdecleo.com
  • *.lesbricollesdecleo.com

If you have trouble with sslforfree.com, try https://zerossl.com/free-ssl/#crt or gethttpsforfree.com, they are better choices.


#5

Hello again,

Ok I am not sure but I believe you made a typo mistake in the middle one, it’s not a .com but a .ca

Main: lesbricolledecleo.com
addons: lesbricollesdecleo.ca and lesbricoles.com

I tried to start again from scratch but I get the error I posted above,
Error: {"type":"urn:ietf:params:acme:error:malformed","detail":"Error creating new order :: Domain name \"lesbricoles.lesbricollesdecleo.com\" is redundant with a wildcard domain in the same request. Remove one or the other from the certificate request.","status":400}

and there is no place I can change it.

Regards,
Monique-Cleo


#6

If there’s no way to start a new order on sslforfree.com, try one of the alternatives I linked.

Honestly, the overlapping problem should be automatically taken care of by the client you use (in your case, sslforfree.com); it may just be a defect of their service.


#7

Ok thanks, I will try the other one. I also requested my web host to offer Let's Encrypt on their plan; it would be easier for everyone.

Sorry I forgot to ask, the way I put the url is it ok

lesbricollesdecleo.lesbricollesdecleo.com lesbricoles.lesbricollesdecleo.com *.lesbricollesdecleo.com

For 1 main and 2 addons?

Regards,

Monique-Cleo


#8

Sure.
It’s OK.

But the corrected list should be:
*.lesbricollesdecleo.com (as the wildcard includes all the subdomains you mentioned before it)

Thank you


#9

Domain type in cPanel does not matter or conflict with the certificate you want to use / request.
The issue is: Do you plan to use subdomains in lesbricoles.com or lesbricollesdecleo.ca?

If you do plan to use it, I would suggest requesting the certificate with the following names:
lesbricoles.com, lesbricollesdecleo.ca, lesbricollesdecleo.com, *.lesbricoles.com, *.lesbricollesdecleo.ca, *.lesbricollesdecleo.com (You also need to include the base domain to dismiss the potential security error)

Also, if your DNS hosting is on the cPanel server (e.g., editing a DNS record on the cPanel server is reflected in the actual DNS), you could go to “Zone Editor” and add the corresponding records to the domains. (Add them to each addon domain name, not to the “mirror address” in your main domain.)

Thank you
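The overlap rule from the replies above, as an added example that is not part of the thread or of any ACME client's own code: it drops names that a wildcard in the same order already covers, and shows that a base domain and its wildcard are both validated at the same `_acme-challenge` TXT host. The function names are hypothetical; the sample names are the ones posted in the thread.

```python
def covered_by_wildcard(name, wildcard):
    """True if `name` is matched by `wildcard` (e.g. '*.example.com').

    A wildcard stands for exactly one left-most label: it covers
    'a.example.com' but neither 'example.com' nor 'a.b.example.com'.
    """
    if not wildcard.startswith("*.") or name.startswith("*."):
        return False
    _, _, parent = name.partition(".")
    return parent == wildcard[2:]


def normalize_order(names):
    """Lower-case, de-duplicate, and split names into (kept, dropped)."""
    seen = []
    for n in names:
        n = n.strip().lower().rstrip(".")
        if n and n not in seen:
            seen.append(n)
    wildcards = [n for n in seen if n.startswith("*.")]
    kept, dropped = [], []
    for n in seen:
        redundant = any(covered_by_wildcard(n, w) for w in wildcards)
        (dropped if redundant else kept).append(n)
    return kept, dropped


def challenge_hosts(names):
    """Map each DNS-01 TXT host to the order names validated there.

    For a wildcard the '*.' prefix is removed, so 'example.com' and
    '*.example.com' each need their own TXT value on the same host.
    """
    hosts = {}
    for n in names:
        base = n[2:] if n.startswith("*.") else n
        hosts.setdefault("_acme-challenge." + base, []).append(n)
    return hosts


if __name__ == "__main__":
    # Names taken from the thread; the list itself is constructed here.
    requested = [
        "lesbricoles.lesbricollesdecleo.com",
        "lesbricollesdecleo.com",
        "*.lesbricollesdecleo.com",
    ]
    kept, dropped = normalize_order(requested)
    print("order:  ", kept)
    print("dropped:", dropped)
    for host, covered in challenge_hosts(kept).items():
        print(host, "<-", covered)
```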


#10

Oops, I think I did it wrong again :(

I just started over at zerossl.com

and added my sites like this:

lesbricollesdecleo.lesbricollesdecleo.com lesbricoles.lesbricollesdecleo.com
lesbricollesdecleo.com

and I already received the account-key.txt and domain-csr.txt, transferred them to the server at the root after deleting the .txt extension, and now they asked that I add the TXT record to the DNS (which I will have to ask my web host to do).

So I will have to start over again?
my main site is lesbricollesdecleo.com
then I create first addon: lesbricollesdecleo.ca (in sub-folder) and second addon: lesbricoles.com (in sub-folder)

As for the Zone Editor, I don’t think I have access to that part!

Regards,
Monique-Cleo


#11

The TXT records they asked me to add to the DNS are as follows; does it mean that I did it properly?

_acme-challenge.lesbricoles.lesbricollesdecleo.com EF6AD7MDg_IqjBzuq3vQSXNaPIJmXe2smzr-6viYOTI

_acme-challenge.lesbricollesdecleo.com ZIMpKbkAcJOJzAu3L_E77kMbC-xjuJB5lQsB4XPDaHY

_acme-challenge.lesbricollesdecleo.lesbricollesdecleo.com oYsE-Uv4XjqUp1hZAeuKJgXW-xLipy2L1rmufIFo94U


#12

Hello,

Ok, I discovered that I have access to the Zone Editor

But I’m not sure about what you said:

add the corresponding records to the domains. (Add it to each addon domain name, not to the “mirror address” in your main domain)

?


#13

Press Manage (“Gerer” in your case), then add a TXT record there.

On the next screen you will see:

http://i.imgur.com/YRhF3dW.png


#14

Ok great, but by looking at the TXT record they gave me do you think I did it ok?


#15

The records they have asked you to create are fine - but you haven’t created them yet.

Make sure you create them in the right place. If you manage your DNS records via cPanel, that’s fine.

If you do it via somewhere else (like your domain registrar), then do it there.


#16

I am not managing my DNS records; the web host does it. They just moved the Apache server to LiteSpeed about 1 month ago, and I believe that the DNS records are in cPanel because I can see them!

P.S. After I enter the TXT record, they say I can check by entering:

nslookup -q=TXT XXX

Where do I put that? In the address bar of the browser?

Thank you very much for your help.


#17

This is a command to run on the command line in a terminal, especially on a Unix operating system.


#18

Oh, I'd better ask the web host to do it for me then. Anyway, I opened the zone editor and I am really not sure where I should add the TXT record, so in case I would mess something up I'd better ask for help from support!

Thank you everyone for your help.

I will leave it to the web host

Regards,
Monique-Cleo


#19

Hello,

I would really appreciate it if someone could make it clear for me.

I’ve been doing the following steps for the 3rd time now with the help of my web host, and I keep getting an error message.

This is what they are asking to do:

Verification

To verify domain ownership using HTTP verification, you will need to create appropriate files with specific text strings under your “webroot/.well-known/acme-challenge/” directory, where “webroot” is the main directory with your website pages. Please make sure that the files you have created are actually accessible (by clicking the links below in the File column) and have proper content before clicking “Next”.

Domain File
lesbricoles.lesbricollesdecleo.com y9vKHy_KfbxWmYsojwRwXy-zfLP69oos5Pculk_WzZ4
Text: y9vKHy_KfbxWmYsojwRwXy-zfLP69oos5Pculk_WzZ4.QeuXCRvsA3cFfcgyvRD3M1WDkNhu7YJ8jdSifjQriQc
lesbricollesdecleo.com 1X_8eqQfqDkN9fHtlQYZ3VCJzmY085OeUpRHFgaAOIY
Text: 1X_8eqQfqDkN9fHtlQYZ3VCJzmY085OeUpRHFgaAOIY.QeuXCRvsA3cFfcgyvRD3M1WDkNhu7YJ8jdSifjQriQc
lesbricollesdecleo.lesbricollesdecleo.com id6BH2G_c9GA5mjjTe_BQq0naiux0yUm93SuiulPWDs
Text: id6BH2G_c9GA5mjjTe_BQq0naiux0yUm93SuiulPWDs.QeuXCRvsA3cFfcgyvRD3M1WDkNhu7YJ8jdSifjQriQc

And this is the result I am getting:

Domain Error
lesbricoles.lesbricollesdecleo.com Invalid response from http://lesbricoles.lesbricollesdecleo.com/.well-known/acme-challenge/JpjWoMA2Tpa-e1_dSfHHuH0sb8ktbfNV1Q5WPmy6LhE: "\n<html style=“height:100%”>\n 404 Not Found\r\n\n<body style=“color: #444; margin:0;font:”
lesbricollesdecleo.com Invalid response from http://lesbricollesdecleo.com/.well-known/acme-challenge/X2W2qpy5NuhimFehKUtWRwA5liE9ybY8OdaTZTT2Ebc: "<?xml version=\"1.0\" encoding=\"UTF-8\"?><!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Strict//EN” “http://www.w3.org/TR/xhtml1/DTD/
lesbricollesdecleo.lesbricollesdecleo.com Invalid response from http://lesbricollesdecleo.lesbricollesdecleo.com/.well-known/acme-challenge/zZ3S_Zp9iJFhlL5L9zv7nA6wMDZtoUYl0zUn_TTC1_A: "<?xml version=\"1.0\" encoding=\"UTF-8\"?><!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Strict//EN” “http://www.w3.org/TR/xhtml1/DTD/

I really don’t know what we are doing wrong!

Is this the right way to do it?

Regards,

Monique-Cleo


#20

Hi,

One thing that I don’t understand:

Which hostnames are you trying to obtain certificates for?
lesbricollesdecleo.com ?
lesbricollesdecleo.ca ?
lesbricoles.com ?

Or all three?

Thank you