I am getting this error a few times; generally, this error does not occur.
Getting A+ at https://www.ssllabs.com/ssltest/analyze.html?d=ddd.schoolonapp.com
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com ), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: ddd.schoolonapp.com
I ran this command:
It produced this output:
My web server is (include version): nginx version: nginx/1.14.0 (Ubuntu)
The operating system my web server runs on is (include version): Ubuntu 18.04.4 LTS
My hosting provider, if applicable, is: digital ocean
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): acme.sh
Below are files produced by acme.sh
ca.cer schoolonapp.com.conf schoolonapp.com.key fullchain.cer schoolonapp.com.csr schoolonapp.com.cer schoolonapp.com.csr.conf
Below is Nginx config
```
ssl on;
ssl_certificate /root/.acme.sh/schoolonapp.com/fullchain.cer;
ssl_certificate_key /root/.acme.sh/schoolonapp.com/schoolonapp.com.key;
ssl_session_timeout 4h;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE$
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000" always;
```
Hi @jseeone
checking your domain via https://check-your-website.server-daten.de/?q=ddd.schoolonapp.com#url-checks - you see the problem.
Your certificate

| Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|
| Let's Encrypt Authority X3 | 2020-07-05 | 2020-10-03 | *.schoolonapp.com, schoolonapp.com (2 entries) | duplicate nr. 1 | |
| Let's Encrypt Authority X3 | 2020-06-04 | 2020-09-02 | *.schoolonapp.com, schoolonapp.com (2 entries) | | |
works with ddd.schoolonapp.com, not with the www-version. Your Ssllabs - check uses the non-www version, so all is ok. But if some users add www, it's insecure.
And you have a wildcard DNS A entry:
| Host | Type | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| ddd.schoolonapp.com | A | 139.59.53.114 Bengaluru/Karnataka/India (IN) - DigitalOcean, LLC No Hostname found | yes | 1 | 0 |
| | AAAA | | yes | | |
| www.ddd.schoolonapp.com | A | 139.59.53.114 Bengaluru/Karnataka/India (IN) - DigitalOcean, LLC No Hostname found | yes | 1 | 0 |
| | AAAA | | yes | | |
| *.schoolonapp.com | A | 139.59.53.114 | yes | | |
| | AAAA | | yes | | |
| | CNAME | | yes | | |
| *.ddd.schoolonapp.com | A | 139.59.53.114 | yes | | |
| | AAAA | | yes | | |
| | CNAME | | yes | | |
So the www.ddd - version has an ip address.
Remove the wildcard A record (may be impossible) (or)
create a certificate with the additional www domain name (and the wildcard) and use that.
DNS wildcard -> all deeper domain names are possible
Certificate wildcard -> only the next label is "wildcard generated".
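The difference between a DNS wildcard and a certificate wildcard described in the reply above, as an added example that is not part of the original thread. The host names and records are the ones shown in the posts; the function names and the simplified DNS wildcard model are assumptions made for illustration.

```python
# Added example (not from the thread): which names DNS answers for
# versus which names the issued certificate covers.

def san_matches(pattern: str, host: str) -> bool:
    """Certificate matching: '*' stands for exactly one label, the leftmost."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False            # a wildcard never spans several labels
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h

def wildcard_answers(host: str, apex: str, existing: set) -> bool:
    """Simplified RFC 4592 model (assumption): '*.apex' answers for any name
    below apex, at any depth, unless the name or one of its ancestors exists."""
    host = host.lower().rstrip(".")
    if not host.endswith("." + apex) or host in existing:
        return False
    labels = host[: -len(apex) - 1].split(".")
    ancestors = {".".join(labels[i:]) + "." + apex for i in range(1, len(labels))}
    return not (ancestors & existing)

def coverage_gaps(hosts, sans, apex, existing):
    """Hosts that DNS answers for but that no certificate name covers."""
    gaps = []
    for host in hosts:
        resolves = (host == apex or host in existing
                    or wildcard_answers(host, apex, existing))
        if resolves and not any(san_matches(s, host) for s in sans):
            gaps.append(host)
    return gaps

APEX = "schoolonapp.com"
EXISTING = {"www.schoolonapp.com"}                  # explicit CNAME record in the zone
ISSUED = ["schoolonapp.com", "*.schoolonapp.com"]   # names on the current certificate
HOSTS = ["schoolonapp.com", "www.schoolonapp.com",
         "ddd.schoolonapp.com", "www.ddd.schoolonapp.com"]

if __name__ == "__main__":
    print("uncovered now:", coverage_gaps(HOSTS, ISSUED, APEX, EXISTING))
    fixed = ISSUED + ["www.ddd.schoolonapp.com"]    # the extra name suggested in the reply
    print("uncovered after adding the www name:",
          coverage_gaps(HOSTS, fixed, APEX, EXISTING))
```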
Thank you for your response. I will try it.
```
A @ 104.198.14.52 1 Hour
A * 139.59.53.114 600 seconds
CNAME www @ 1 Hour
```
I found only these entries in my DNS manager. I can’t remove the wildcard as I need to serve multiple subdomains. Please suggest what should be done now. I have used the following command.

```
acme.sh --issue --dns dns_gd -d schoolonapp.com -d *.schoolonapp.com
```
system closed this topic on August 9, 2020, 3:17pm: This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.