Issue 2 certificates for 2 different sites using same domain (different subdomains) fails!


#1

Hi,

I have 2 WordPress sites that share the same subdomains:

Site1 (/var/www/sites/greenfrogroofing):
innerwest.greenfrogroofing.com.au

Site2 (/var/www/sites/greenfrogroofing1 - not same folder as above) :
www.greenfrogroofing.com.au
greenfrogroofing.com.au

Problem
While I successfully issued a certificate for Site1’s innerwest.greenfrogroofing.com.au domain using the http-01 challenge, I am unable to generate a certificate for the 2nd site. I get the following error after running

sudo /opt/letsencrypt/certbot-auto --debug --email admin@example.com --no-eff-email --agree-tos -n --nginx --no-redirect --keep --expand -d greenfrogroofing.com.au -d www.greenfrogroofing.com.au certonly --dry-run

Output

Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for greenfrogroofing.com.au
http-01 challenge for www.greenfrogroofing.com.au
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.greenfrogroofing.com.au
   Type:   unauthorized
   Detail: Invalid response from
   http://www.greenfrogroofing.com.au/.well-known/acme-challenge/_rioMweHnrnRWTUIhV-WR7AgW-1YSIYjq9-XWJARYRQ:
   "<!DOCTYPE html>
   <html lang="en">
       <head>
           <meta charset="utf-8">
           <meta http-equiv="X-UA-Compatible" conten"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

I verified the following issues:

  1. No https redirection. I even manually added a file under .well-known/acme-challenge/myfile.txt and successfully read it using http.

The curl output is this:

> curl -i http://www.greenfrogroofing.com.au/.well-known/acme-challenge/myfile.txt
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 22 Apr 2018 08:19:19 GMT
Content-Type: text/plain
Content-Length: 0
Last-Modified: Wed, 18 Apr 2018 16:00:07 GMT
Connection: keep-alive
ETag: "5ad76b87-0"
X-UA-Compatible: IE=Edge
X-Rocket-Nginx-Serving-Static: No
Accept-Ranges: bytes

  2. There are no permission issues. I ran certbot as root and I even went so far as to give .well-known 777 access, but that didn’t help.

NOTES

I tried to install other sites on the server that have a different domain (not greenfrogroofing.com.au), and all work perfectly.

I believe this has something to do with already having a certificate for Site1 that shares the same domain (but both sites have different folders and different conf files!)

CONF FILES

Site1:

server {
    listen 80;
    server_name innerwest.greenfrogroofing.com.au;
    root /var/www/sites/greenfrogroofing;
    location / {
        index index.php;
        try_files $uri $uri/ /index.php?q=$uri&$args;
    }
    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
    include elemento.conf;
    include h5bp/basic.conf;
    include wp-rocket.conf;
    include wordpress-security.conf;
    access_log /var/log/nginx/greenfrogroofing.access.log;
    error_log /var/log/nginx/greenfrogroofing.error.log;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/innerwest.greenfrogroofing.com.au/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/innerwest.greenfrogroofing.com.au/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

Site 2:

server {
    listen 80;
    server_name www.greenfrogroofing.com.au greenfrogroofing.com.au;
    root /var/www/sites/greenfrogroofing1;
    location / {
        index index.php;
        try_files $uri $uri/ /index.php?q=$uri&$args;
    }
    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
    include elemento.conf;
    include h5bp/basic.conf;
    include wp-rocket.conf;
    include wordpress-security.conf;
    access_log /var/log/nginx/greenfrogroofing1.access.log;
    error_log /var/log/nginx/greenfrogroofing1.error.log;
}

#2

Your IPv6 and IPv4 addresses for that domain appear to point to completely different hosting services.

Either update your AAAA record to the IPv6 address of your new hosting, or withdraw the AAAA record entirely.

$ curl -X GET -I -6 www.greenfrogroofing.com.au/.well-known/acme-challenge/myfile.txt
HTTP/1.1 404 Not Found
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Content-Type: text/html; charset=UTF-8
Link: <http://www.greenfrogroofing.com.au/wp-json/>; rel="https://api.w.org/"
Transfer-Encoding: chunked
Date: Sun, 22 Apr 2018 08:57:34 GMT
Accept-Ranges: bytes
Server: LiteSpeed
Connection: Keep-Alive

$ curl -X GET -I -4 www.greenfrogroofing.com.au/.well-known/acme-challenge/myfile.txt
HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 22 Apr 2018 08:57:46 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
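
The check above (fetch the challenge path over IPv4 and over IPv6 separately and compare who answers) as an added, scriptable pre-flight example; this is not part of the thread or of certbot. It assumes a hypothetical `probe()`/`diagnose()` split so the classification can be exercised with constructed results such as the `nginx` vs `LiteSpeed` pair seen in the curl output:

```python
"""Pre-flight for an ACME http-01 challenge: does the A record and the AAAA
record for a name reach the same web server?  The ACME validator prefers IPv6
when an AAAA record exists, so a stale AAAA silently sends it to another host."""
import http.client
import socket

CHALLENGE_PATH = "/.well-known/acme-challenge/"

def resolve(host, family):
    """Addresses of host in one family (AF_INET for A, AF_INET6 for AAAA); [] if none."""
    try:
        infos = socket.getaddrinfo(host, 80, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def fetch_challenge(host, addr, token):
    """GET the challenge URL from one specific address; return (status, Server header)."""
    conn = http.client.HTTPConnection(addr, 80, timeout=10)
    conn.request("GET", CHALLENGE_PATH + token, headers={"Host": host})  # Host must be the name
    resp = conn.getresponse()
    resp.read()
    return resp.status, resp.getheader("Server", "")

def probe(host, token):
    """Per-family result: None when the family has no DNS record, (0, reason) when unreachable."""
    results = {}
    for name, family in (("ipv4", socket.AF_INET), ("ipv6", socket.AF_INET6)):
        addrs = resolve(host, family)
        if not addrs:
            results[name] = None
            continue
        try:
            results[name] = fetch_challenge(host, addrs[0], token)
        except OSError as exc:
            results[name] = (0, f"unreachable ({exc})")
    return results

def diagnose(results):
    """Classify probe() output; the Server-header comparison is a heuristic for 'different host'."""
    v4, v6 = results.get("ipv4"), results.get("ipv6")
    if v6 is None:
        return "ipv4-only"            # no AAAA: validator will use the A record
    if v4 is None:
        return "ipv6-only"
    for name, (status, _) in (("ipv4", v4), ("ipv6", v6)):
        if status == 0:
            return f"unreachable-over-{name}"
    if v4[1] != v6[1]:
        return "split-brain"          # A and AAAA answered by different web servers
    if v4[0] == 200 and v6[0] == 200:
        return "ok"
    return "challenge-path-not-served"

if __name__ == "__main__":
    import sys
    res = probe(sys.argv[1], sys.argv[2])   # usage: script.py www.example.com myfile.txt
    print(res, "->", diagnose(res))
```

Run it against a name and a file you placed under `.well-known/acme-challenge/` before invoking certbot; a `split-brain` result means fix or withdraw the AAAA record first.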

#3

Thanks! It solved it.
