Initial sign of certificate fails


#1

Hello
After the registration & accept terms step I tried to get an initial certificate. I use the dehyrated script.
The first step, checking domain name, fails.

My domain is:
dev.green-coin-mining.com

I ran this command:

/usr/local/bin/dehydrated/dehydrated -c || echo " ErrorCode $?"

It produced this output:

Processing dev.green-coin-mining.com
+ Checking domain name(s) of existing cert... ErrorCode 1

My web server is (include version):

  • apache2

The operating system my web server runs on is (include version):

  • ubuntu 16.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

  • yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

  • no

Did I miss a step, or did something wrong?


#2

Hi @vizcaia

I don’t use dehydrated, so I don’t know, what dehydrated checks. But checking your domain direct, there is an error (via https://check-your-website.server-daten.de/?q=dev.green-coin-mining.com ):


Domainname Http-Status redirect Sec. G
http://dev.green-coin-mining.com/
95.216.184.50 200 0.414 H
https://dev.green-coin-mining.com/
95.216.184.50 -4 0.157 W
SendFailure - The underlying connection was closed: An unexpected error occurred on a send. The handshake failed due to an unexpected packet format.
http://dev.green-coin-mining.com:443/
95.216.184.50 200 0.194 Q

Your server produces a “special error” sending https (“unexpected packet format”). So the tool checks if http content is sent via port 443. And yep, that works, a “normal” http status 200 is found.

So dehydrated checks your current ssl settings - and can’t find a https connection.

  • remove the port 443 complete or
  • add a self signed or expired certificate

#3

@lukas2511, based on this it might be useful if dehydrated detected when the user’s existing configuration is serving HTTP on port 443 instead of HTTPS.


closed #4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.