Noob stuff. Cert expired, nobody seems to be able to help me fix

My domain is: www.allandbyallo.com

My hosting provider, if applicable, is: I’m hosting with https://tmdhosting.com but my homepage is hosted by SquareSpace. GoDaddy domain redirects allandbyallo.com to squarespace, but everything else is on TMD (email, webmail, cpanel etc). This is where the problems lies.

I can login to a root shell on my machine (yes or no, or I don’t know): no idea.

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
yes, cPanel.

Hey guys. I don’t know much about this stuff but I wanted to install LetsEncrypt as a solution, but wasn’t able to. Attaching screen shot. Each cust. support agent directs me to the other company, nobody wants to actually tell me how to resolve this. Help is greatly appreciated :confused: I’m not really all that savvy with this stuff.

Domain: GoDaddy
Hosting/email: TMDHosting… but…
Homepage host: Squarespace (dns redirect), subdomain - music.allandbyallo.com hosted at TMD.

Thanks in advance for your time :slight_smile:
Alland10

Unfortunately you have found yourself in a scenario that doesn’t work so well.

The crux of the issue is that in order to issue that certificate in cPanel, the primary domain must be included on the certificate.

In your case, the primary domain is delegated to Squarespace.

As a result, you aren’t able to issue the certificate from cPanel.

The one suggestion I can make to you is that if you can delegate your domain’s nameservers to TMDHosting (rather than GoDaddy as you have it currently), you would be able to use DNS-01 validation from cPanel to issue your certificate, including for the primary domain which is delegated to Squarespace.

If you do choose to do that, you can still point your primary domain to Squarespace … just the nameservers will be different.


Here’s a rundown of the changes I think you’d need to make:

  1. Login to GoDaddy and change your nameservers from ns31.domaincontrol.com, ns32.domaincontrol.com to:

    • ns1.tmd.cloud
    • ns2.tmd.cloud

    What this achieves is that it moves control of your DNS from GoDaddy to TMD, which enables the cPanel Let’s Encrypt facility to issue certificates even if you point your website at Squarespace.

  2. Login to cPanel and add/change the A records for www.allandbyallo.com and allandbyallo.com (in Zone Editor) to the Squarespace IP addresses (which you can find here).

    What this achieves is pointing your website back to Squarespace, since in step 1, we temporarily pointed it back to TMD’s cPanel hosting.

  3. In cPanel, try to issue the SSL certificate as you did before, but make sure to select “dns-01” (rather than the default “http-01”) on the user interface before you press “Issue”.

    What this achieves is issuing the certificate using a different mechanism (DNS), which avoids running into the problem of you having your web hosting split up between TMD and Squarespace.

1 Like

Hi @allandbyallo

looks like you use a not working configuration.

Your main domain - https://check-your-website.server-daten.de/?q=allandbyallo.com

Host T IP-Address is auth. ∑ Queries ∑ Timeout
allandbyallo.com A 198.49.23.144 New York/United States (US) - Squarespace, Inc. No Hostname found yes 1 0
A 198.49.23.145 New York/United States (US) - Squarespace, Inc. No Hostname found yes 1 0
A 198.185.159.144 New York/United States (US) - Squarespace, Inc. No Hostname found yes 1 0
A 198.185.159.145 New York/United States (US) - Squarespace, Inc. No Hostname found yes 1 0
AAAA yes

There is an expired cPanel certificate:

Issuer not before not after Domain names LE-Duplicate next LE
Let's Encrypt Authority X3 2019-07-05 2019-10-03 allandbyallo.com
1 entries
Let's Encrypt Authority X3 2019-07-05 2019-10-03 www.allandbyallo.com
1 entries
Let's Encrypt Authority X3 2019-05-06 2019-08-04 allandbyallo.com
1 entries
Let's Encrypt Authority X3 2019-05-06 2019-08-04 www.allandbyallo.com
1 entries
cPanel, Inc. Certification Authority 2019-04-22 2019-07-22 allandbyallo.com, cpanel.allandbyallo.com, mail.allandbyallo.com, webdisk.allandbyallo.com, webmail.allandbyallo.com, www.allandbyallo.com
6 entries

But you use the Letsencrypt certificate with one domain name.

Your music - subdomain - https://check-your-website.server-daten.de/?q=music.allandbyallo.com

Different place:

Host T IP-Address is auth. ∑ Queries ∑ Timeout
music.allandbyallo.com A 184.154.206.7 Chicago/Illinois/United States (US) - SingleHop LLC Hostname: s950.tmd.cloud yes 1 0

And a blocked /.well-known/acme-challenge

Domainname Http-Status redirect Sec. G
--- --- --- --- ---
http://music.allandbyallo.com/
184.154.206.7 403 0.250 M
Forbidden
https://music.allandbyallo.com/
184.154.206.7 -14 10.014 T
Timeout - The operation has timed out
http://music.allandbyallo.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
184.154.206.7 403 0.236 M
Forbidden
Visible Content: Invalid URI /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

So: What client do you use on that subdomain?


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.