Issues getting certificates Error:400


#1

Hey all,
Trying to add some domains as part of a 301 migration. Managed to get the initial cert with 2 SANs installed, however then attempted to add an additional 6 SANs (vs2, vs3, vs4, www.vs2, www.vs3, www.vs4) looks like all the ones without a www added fine but still left with 3 errors:

2019/02/28 00:10:14 Could not obtain certificates:
acme: Error -> One or more domains had a problem:
[www.vs2.irisdynamics.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Timeout during connect (likely firewall problem), url:
[www.vs3.irisdynamics.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Timeout during connect (likely firewall problem), url:
[www.vs4.irisdynamics.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Timeout during connect (likely firewall problem), url:

I tried to post the whole sting plus all the background questions however apparently a new user cant post something that contains more than 20 dot coms.

Thanks!


#2

Your Namecheap URL forwarding is most likely messing the certificate issuance process up.

Take a look at the way your 301 redirect is working:

$ curl -X GET -IL http://www.vs2.irisdynamics.com/.well-known/acme-challenge/testing-blah-blah
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 28 Feb 2019 01:10:15 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 59
Connection: keep-alive
Location: https://irisdynamics.com
X-Served-By: Namecheap URL Forward

HTTP/1.1 200 OK
Date: Thu, 28 Feb 2019 01:10:16 GMT
Server: Apache
X-Powered-By: PHP/7.0.31
Link: <https://irisdynamics.com/index.php?rest_route=/>; rel="https://api.w.org/", <https://irisdynamics.com/>; rel=shortlink
X-Frame-Options: SAMEORIGIN
X-Mod-Pagespeed: 1.13.35.2-0
Vary: Accept-Encoding
Cache-Control: max-age=0, no-cache, s-maxage=10
Content-Length: 43754
Content-Type: text/html; charset=UTF-8

The entire path of the URL is being lost and it’s just being redirected to your WordPress home page - which simply won’t work.

I think most likely you want to eliminate the Namecheap URL redirect, and point the www domains directly at your webserver.


#3

Thanks!

I was thinking of that however I was under the impression that anything but a 301/302 redirect will cause an SEO penalty with google?
IE if I just point vs2, www.vs2, vs3, www.vs3 to the server and then at the server level redirect that will work fine but Google will think i’m trying to cheat on my SEO and give a penalty… Am I out to lunch on that?


#4

There’s no inherent problem with a redirect, it’s fine to do .The problem is your particular redirect loses the path information, which means the HTTP-01 validation can’t succeed.

This would be OK:

Redirect

http://www.vs2.irisdynamics.com/.well-known/acme-challenge/testing-blah-blah

to

https://irisdynamics.com/.well-known/acme-challenge/testing-blah-blah`

What’s actually happening is this:

Redirect

http://www.vs2.irisdynamics.com/.well-known/acme-challenge/testing-blah-blah

to

https://irisdynamics.com

closed #5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.