Issue with adding subdomain to existing config, nginx webroot method


#1

Please fill out the fields below so we can help you better.

My domain is: itsec.im

I ran this command: certbot certonly --webroot -w "/var/www/html" -d itsec.im -d www.itsec.im

It produced this output: - The following errors were reported by the server:

Domain: www.itsec.im
Type: unauthorized
Detail: Invalid response from
http://www.itsec.im/.well-known/acme-challenge/SVUgJHLmngn15-cdvyZXEC4kuupFi8AQOX8GM9OBL68:
"

<html class="ie ie7 oldi"

To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address.

My operating system is (include version): Debian 8

My web server is (include version): nginx 1.6.2

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

Hi Guys

Created the first cert fine for the non-www domain. Later realised I should have included www! My renew command works (which just renews the non-www).

Nginx is set up to redirect http to https, excluding the lets-encrypt folder:

server {
    listen 80;
    server_name itsec.im www.itsec.im;

    location /.well-known {
        alias /var/www/html/.well-known;
    }

    location / {
        return 301 https://itsec.im$request_uri;
    }
}

If I create a file inside /var/www/html/.well-known I can curl it from my other server using either www. or non-www.

Not entirely sure what I'm missing here!

Thanks

#2

The DNS records for www.itsec.im point to a different IP:

➜  ~ dig itsec.im A
;; ANSWER SECTION:
itsec.im.		10800	IN	A	95.85.12.112
➜  ~ dig www.itsec.im A
;; ANSWER SECTION:
www.itsec.im.		10800	IN	CNAME	webredir.vip.gandi.net.
webredir.vip.gandi.net.	34134	IN	A	217.70.184.38

You’ll probably want to change that to point to the same IP (or CNAME to itsec.im), otherwise domain validation won’t work.
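
An added example, not part of the original thread: a pre-flight check for the mismatch pointed out in the reply above. It parses the dig answer lines quoted there, follows the CNAME chain for every name passed with -d, and flags any name that does not end at the web server's own address; the function names are hypothetical.

```python
import ipaddress

# dig answer lines quoted in this thread, embedded so the check runs offline.
DIG_ANSWERS = """\
itsec.im.               10800  IN  A      95.85.12.112
www.itsec.im.           10800  IN  CNAME  webredir.vip.gandi.net.
webredir.vip.gandi.net. 34134  IN  A      217.70.184.38
"""

def parse_answers(text):
    """Parse dig answer lines into {owner: [(type, rdata), ...]}."""
    records = {}
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, ';;' comment lines and anything that is not an IN record.
        if len(fields) < 5 or fields[0].startswith(";") or fields[2] != "IN":
            continue
        owner, rtype, rdata = fields[0].lower().rstrip("."), fields[3], fields[4]
        if rtype in ("A", "AAAA"):
            rdata = str(ipaddress.ip_address(rdata))  # normalise, reject junk
        elif rtype == "CNAME":
            rdata = rdata.lower().rstrip(".")
        else:
            continue
        records.setdefault(owner, []).append((rtype, rdata))
    return records

def resolve(name, records, max_hops=8):
    """Follow CNAMEs from name; return the set of addresses it ends at."""
    name = name.lower().rstrip(".")
    for _ in range(max_hops):  # bounded, so a CNAME loop cannot hang the check
        rrs = records.get(name, [])
        addrs = {data for rtype, data in rrs if rtype in ("A", "AAAA")}
        cnames = [data for rtype, data in rrs if rtype == "CNAME"]
        if addrs or not cnames:
            return addrs
        name = cnames[0]
    return set()

def preflight(domains, server_ips, records):
    """Map each domain to (ok, addresses); ok means every address is ours."""
    ours = {str(ipaddress.ip_address(ip)) for ip in server_ips}
    report = {}
    for domain in domains:
        addrs = resolve(domain, records)
        report[domain] = (bool(addrs) and addrs <= ours, sorted(addrs))
    return report
```

Calling `preflight(["itsec.im", "www.itsec.im"], ["95.85.12.112"], parse_answers(DIG_ANSWERS))` marks www.itsec.im as a mismatch, because the webroot challenge file for it would be requested from the redirect host rather than from this server.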


#3

It’s an awful feeling when you realise you’re an idiot :sweat:

Thanks! I really should have spotted that.

EDIT: Confirmed working now. Thanks again. I feel a bit silly.

