Http to https not working over nginx

napestershine · April 20, 2019, 11:54am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: gofooddy.com

My web server is (include version):nginx/1.15.7

The operating system my web server runs on is (include version): debian 9

My hosting provider, if applicable, is: linode

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.28.0

I tested on https://www.whynopadlock.com/results/f0deed05-cdc2-462d-bf06-b3c7bd36d806

but it seems giving some problems. Any ideas how to fix them?

Thanks
Manoj Kumar

JuergenAuer · April 20, 2019, 12:08pm

Hi @napestershine

there are some problems ( https://check-your-website.server-daten.de/?q=gofooddy.com ):

You have ipv4 and ipv6 addresses:

Host	T	IP-Address	is auth.	∑ Queries	∑ Timeout
gofooddy.com	A	45.79.105.213	yes	1	0
	AAAA	2600:3c01::f03c:91ff:fe11:fd17	yes
www.gofooddy.com	A	45.79.105.213	yes	1	0
	AAAA	2600:3c01::f03c:91ff:fe11:fd17	yes

but your ipv6 doesn't answer.

Domainname	Http-Status	redirect	Sec.	G
• http://gofooddy.com/
45.79.105.213	301	https://gofooddy.com/	0.340	A

• http://gofooddy.com/
2600:3c01::f03c:91ff:fe11:fd17	-14		10.027	T
Timeout - The operation has timed out

• http://www.gofooddy.com/
45.79.105.213	404		0.343	M
Not Found

• http://www.gofooddy.com/
2600:3c01::f03c:91ff:fe11:fd17	-14		10.027	T
Timeout - The operation has timed out

• https://www.gofooddy.com/
45.79.105.213	301	https://gofooddy.com/	1.773	N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors

• https://gofooddy.com/
45.79.105.213	200		2.843	N
Certificate error: RemoteCertificateChainErrors

• https://gofooddy.com/
2600:3c01::f03c:91ff:fe11:fd17	-14		10.027	T
Timeout - The operation has timed out

• https://www.gofooddy.com/
2600:3c01::f03c:91ff:fe11:fd17	-14		10.027	T
Timeout - The operation has timed out

• http://gofooddy.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
45.79.105.213	301	https://gofooddy.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	0.343	A
Visible Content: 301 Moved Permanently nginx/1.15.7

• http://gofooddy.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2600:3c01::f03c:91ff:fe11:fd17	-14		10.024	T
Timeout - The operation has timed out
Visible Content:

• http://www.gofooddy.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
45.79.105.213	404		0.343	A
Not Found
Visible Content: 404 Not Found nginx/1.15.7

• http://www.gofooddy.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2600:3c01::f03c:91ff:fe11:fd17	-14		10.027	T
Timeout - The operation has timed out
Visible Content:

• https://gofooddy.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	-14		10.026	T
Timeout - The operation has timed out

If you use http-01 validation, Letsencrypt checks a file in /.well-known/acme-challenge and prefers ipv6, so that can't work.

And your certificate is expired:

CN=gofooddy.com
	28.12.2018
	28.03.2019
23 days expired	gofooddy.com - 1 entry

And there are some timeouts loading included files, perhaps a spam detection that blocks.

So:

Fix your ipv6 or remove the ipv6 dns entry
create a new certificate and install it

system · May 20, 2019, 12:08pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.