IPv6 Certificate not valid for domain name , IPv4 is correct

Help
#1

Hi all,

We have some issue related to IPv6, but when I do a SSL report (https://www.ssllabs.com/ssltest/analyze.html?d=runtrainer.com&hideResults=on) I get a ‘Certificate no valid for domain name’. The IPv4 is giving a proper A grade (which is good)

My domain is:
https://runtrainer.com

I ran this command:
Direct Admin > SSL certificate > Free certificate
It produced this output:
Requesting new certificate order…
Processing https://acme-v02.api.letsencrypt.org/acme/authz-v3/4360021394
Processing authorization for ftp.runtrainer.com
Challenge is valid.
Processing https://acme-v02.api.letsencrypt.org/acme/authz-v3/4360021397
Processing authorization for mail.runtrainer.com
Challenge is valid.
Processing https://acme-v02.api.letsencrypt.org/acme/authz-v3/4360021400
Processing authorization for pop.runtrainer.com
Challenge is valid.
Processing https://acme-v02.api.letsencrypt.org/acme/authz-v3/4360021401
Processing authorization for runtrainer.com
Challenge is valid.
Processing https://acme-v02.api.letsencrypt.org/acme/authz-v3/4360021405
Processing authorization for smtp.runtrainer.com
Challenge is valid.
Processing https://acme-v02.api.letsencrypt.org/acme/authz-v3/4360021407
Processing authorization for www.runtrainer.com
Challenge is valid.
Generating 4096 bit RSA key for runtrainer.com
openssl genrsa 4096 > “/usr/local/directadmin/data/users/runtrainer/domains/runtrainer.com.key.new”
Generating RSA private key, 4096 bit long modulus
…++
…++
e is 65537 (0x10001)
Checking Certificate Private key match… Match!
Certificate for runtrainer.com has been created successfully!

My web server is (include version):
CentOS 7 with DirectAdmin

The operating system my web server runs on is (include version):
CentOS 7 with DirectAdmin

My hosting provider, if applicable, is:
TransIP.nl

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Yes, DirectAdmin

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
LetsEncrypt 1.1.39

1 Like
#2

So you’ve only used DirectAdmin for the issuance of your certificates?

Have you also only used DirectAdmin for the configuration of your sites? Does DirectAdmin have any control over the IPv4 / IPv6 configuration of nginx? Because to me, it seems your IPv6 configuration of nginx isn’t correct. Or at least the certificate isn’t installed there for some reason.

1 Like
#3

Hi, You might be onto something. DNS settings are via a webcontrol config. The rest is setup by CentOS SSH / Directadmin. Any idea how I can check my NGINX IPv6 settings?

1 Like
#4

Well, that’s quite a difference: editing configuration files or running scripts yourself through SSH or point 'n click in DirectAdmins panel. Did you make manual configuration file edits?

1 Like
#5

Ok, problem solved. Osiris got me thinking.

The problem was directadmin wasn’t linked properly to support IPv6. Via Directadmin > IP management > Click the IPv4 address that’s linked already. Then afterwards, selected the IPv6 and have the ‘add to dns’ and ‘add to apache’ checkboxes checked and press ‘Link’. This will apply the IPv6 and settings to apache/DNS.

After checking SSL lab it gives IPv6 as grade A and IPv4 as grade A.

3 Likes
#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.