I am getting this error a few times; generally, this error does not occur.

Getting A+ at

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version): nginx version: nginx/1.14.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18.04.4 LTS

My hosting provider, if applicable, is: digital ocean

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Below are files produced by

ca.cer fullchain.cer

Below is Nginx config

    ssl on;
    ssl_certificate /root/;
    ssl_certificate_key /root/;
    ssl_session_timeout 4h;
    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    add_header Strict-Transport-Security "max-age=63072000" always;



Hi @jseeone

checking your domain via - you see the problem.

Your certificate

| Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|
| Let’s Encrypt Authority X3 | 2020-07-05 | 2020-10-03 | *, 2 entries | duplicate nr. 1 | |
| Let’s Encrypt Authority X3 | 2020-06-04 | 2020-09-02 | *, 2 entries | | |

works with, not with the www-version. Your Ssllabs - check uses the non-www version, so all is ok. But if some users add www, it’s insecure.

And you have a wildcard DNS A entry:

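| Host | Type | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| | A | Bengaluru/Karnataka/India (IN) - DigitalOcean, LLC No Hostname found | yes | 1 | 0 |
| | AAAA | | yes | | |
| | A | Bengaluru/Karnataka/India (IN) - DigitalOcean, LLC No Hostname found | yes | 1 | 0 |
| | AAAA | | yes | | |
| * | A | | yes | | |
| | AAAA | | yes | | |
| * | A | | yes | | |
| | AAAA | | yes | | |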

So the www.ddd - version has an ip address.

  • Remove the wildcard A record (may be impossible) (or)
  • create a certificate with the additional www domain name (and the wildcard) and use that.

DNS wildcard -> all deeper domain names are possible
Certificate wildcard -> only the next label is “wildcard generated”.
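
The difference between the two wildcard rules in the reply above, as an added example that is not part of the original thread. `example.com` and the host names are constructed placeholders, and the DNS matcher is a simplification that ignores more specific records shadowing the wildcard.

```python
# Added example: which names resolve through a DNS wildcard but are not
# covered by a wildcard certificate. All names are constructed placeholders.

def labels(name):
    """Split a host name into lowercase labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")

def dns_wildcard_matches(record, host):
    """DNS wildcard (simplified): '*.zone' answers for names at ANY depth
    below zone. Shadowing by more specific records is not modelled."""
    r, h = labels(record), labels(host)
    if r[0] != "*":
        return r == h
    suffix = r[1:]
    return len(h) > len(suffix) and h[-len(suffix):] == suffix

def cert_name_matches(san, host):
    """Certificate wildcard (RFC 6125): '*' stands for exactly ONE
    left-most label, so the label counts must be equal."""
    s, h = labels(san), labels(host)
    if s[0] != "*":
        return s == h
    return len(h) == len(s) and h[1:] == s[1:]

def uncovered_hosts(dns_records, sans, hosts):
    """Hosts that get a DNS answer but that no certificate name covers."""
    return [
        h for h in hosts
        if any(dns_wildcard_matches(r, h) for r in dns_records)
        and not any(cert_name_matches(s, h) for s in sans)
    ]

# Constructed sample data mirroring the thread: apex + wildcard in both
# the DNS zone and the certificate.
DNS_RECORDS = ["example.com", "*.example.com"]
CERT_SANS = ["example.com", "*.example.com"]
HOSTS = ["example.com", "shop.example.com",
         "a.shop.example.com", "x.y.shop.example.com"]

if __name__ == "__main__":
    for host in uncovered_hosts(DNS_RECORDS, CERT_SANS, HOSTS):
        print(f"{host}: resolves via DNS wildcard, not covered by certificate")
    # Adding another SAN extends coverage by one label only.
    extended = CERT_SANS + ["*.shop.example.com"]
    print(uncovered_hosts(DNS_RECORDS, extended, HOSTS))
```
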


Thank you for your response. I will try it.

A @ 1 Hour
A * 600 seconds
CNAME www @ 1 Hour

I found only these entries in my DNS manager. I can’t remove the wildcard as I need to serve multiple subdomains. Please suggest what should be done now. I have used the following command: --issue --dns dns_gd -d -d *
