Not able to create cert for a domain which is redirected from GoDaddy to a subdomain of a different domain


#1

Hey,

I have been using Let’s Encrypt for several projects and thanks for making it free. The current project I am working on is basically a website builder. There is one main domain and several subdomains; I am also redirecting different domains to different subdomains. I am hosting three servers on Ubuntu 16.04 with nginx.

I was able to create the certs for the main domain venuenetwork.info. I am trying to create a cert for kvmmysore.in, which redirects to dog.venuenetwork.info using GoDaddy forwarding.

The nginx configuration for venuenetwork.info is as below

    server {
        listen 80;
        server_name api.venuenetwork.info;
        root /home/ubuntu/;
        location / {
            #add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT';
            proxy_pass http://localhost:8080;
        }

        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/venuenetwork.info/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/venuenetwork.info/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    }
    server {
        listen 80;
        server_name admin.venuenetwork.info;
        root /home/ubuntu/;
        location / {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            proxy_pass http://localhost:7000;
        }

        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/venuenetwork.info/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/venuenetwork.info/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    }
    server {
        listen 80;
        server_name venuenetwork.info *.venuenetwork.info;
        root /home/ubuntu/;
        location / {
            proxy_set_header Host $host;
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            proxy_pass http://localhost:3000;
        }

        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/venuenetwork.info/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/venuenetwork.info/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    }

The above configuration was edited automatically when I ran the certbot command: sudo certbot --nginx -d venuenetwork.info -d www.venuenetwork.info

The nginx configuration for kvmmysore.in is as below

    server {
        listen 80;
        server_name kvmmysore.in www.kvmmysore.in;
        root /home/ubuntu/;
        location / {
            proxy_set_header Host $host;
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            proxy_pass http://localhost:3000;
        }
    }

Now when I try to run the command I get the following

    sudo certbot --nginx -d kvmmysore.in -d www.kvmmysore.in
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator nginx, Installer nginx
    Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for kvmmysore.in
    http-01 challenge for www.kvmmysore.in
    nginx: [warn] conflicting server name "kvmmysore.in" on 0.0.0.0:80, ignored
    nginx: [warn] conflicting server name "www.kvmmysore.in" on 0.0.0.0:80, ignored
    nginx: [warn] conflicting server name "api.venuenetwork.info" on 0.0.0.0:80, ignored
    nginx: [warn] conflicting server name "admin.venuenetwork.info" on 0.0.0.0:80, ignored
    nginx: [warn] conflicting server name "venuenetwork.info" on 0.0.0.0:80, ignored
    nginx: [warn] conflicting server name "*.venuenetwork.info" on 0.0.0.0:80, ignored
    nginx: [warn] conflicting server name "api.venuenetwork.info" on 0.0.0.0:443, ignored
    nginx: [warn] conflicting server name "admin.venuenetwork.info" on 0.0.0.0:443, ignored
    nginx: [warn] conflicting server name "venuenetwork.info" on 0.0.0.0:443, ignored
    nginx: [warn] conflicting server name "*.venuenetwork.info" on 0.0.0.0:443, ignored
    Waiting for verification...
    Cleaning up challenges
    nginx: [warn] conflicting server name "kvmmysore.in" on 0.0.0.0:80, ignored
    nginx: [warn] conflicting server name "www.kvmmysore.in" on 0.0.0.0:80, ignored
    nginx: [warn] conflicting server name "api.venuenetwork.info" on 0.0.0.0:80, ignored
    nginx: [warn] conflicting server name "admin.venuenetwork.info" on 0.0.0.0:80, ignored
    nginx: [warn] conflicting server name "venuenetwork.info" on 0.0.0.0:80, ignored
    nginx: [warn] conflicting server name "*.venuenetwork.info" on 0.0.0.0:80, ignored
    nginx: [warn] conflicting server name "api.venuenetwork.info" on 0.0.0.0:443, ignored
    nginx: [warn] conflicting server name "admin.venuenetwork.info" on 0.0.0.0:443, ignored
    nginx: [warn] conflicting server name "venuenetwork.info" on 0.0.0.0:443, ignored
    nginx: [warn] conflicting server name "*.venuenetwork.info" on 0.0.0.0:443, ignored
    Failed authorization procedure. www.kvmmysore.in (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.kvmmysore.in/.well-known/acme-challenge/fP2OonJQ_o8uU45vAToBd1sjo_ymJoxBjKUw6kjPZjk: "<!-- Server: P3PWPARKSTAT05 --><!DOCTYPE html><body style="padding:0; margin:0;"><html><body><iframe src="http://mcc.godaddy.com", kvmmysore.in (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://kvmmysore.in/.well-known/acme-challenge/ZZFOZWwFzZfk2a26dk4l9Z7ZT4AWCQvxspTECXaMwYc: "<!-- Server: P3PWFWD004 --><!DOCTYPE html><body style="padding:0; margin:0;"><html><body><iframe src="http://mcc.godaddy.com/par

    IMPORTANT NOTES:
     - The following errors were reported by the server:

       Domain: www.kvmmysore.in
       Type: unauthorized
       Detail: Invalid response from
       http://www.kvmmysore.in/.well-known/acme-challenge/fP2OonJQ_o8uU45vAToBd1sjo_ymJoxBjKUw6kjPZjk:
       "<!-- Server: P3PWPARKSTAT05 --><!DOCTYPE html><body
       style="padding:0; margin:0;"><html><body><iframe
       src="http://mcc.godaddy.com

       Domain: kvmmysore.in
       Type: unauthorized
       Detail: Invalid response from
       http://kvmmysore.in/.well-known/acme-challenge/ZZFOZWwFzZfk2a26dk4l9Z7ZT4AWCQvxspTECXaMwYc:
       "<!-- Server: P3PWFWD004 --><!DOCTYPE html><body style="padding:0;
       margin:0;"><html><body><iframe src="http://mcc.godaddy.com/par

       To fix these errors, please make sure that your domain name was
       entered correctly and the DNS A/AAAA record(s) for that domain
       contain(s) the right IP address.

Please let me know how I can solve this. I will be making several such redirections of different domains to the subdomains of venuenetwork.info.


#2

DNS can’t resolve kvmmysore.in.
It does resolve www.kvmmysore.in to:
dog.venuenetwork.info
34.193.93.25

As for getting a cert for a domain that forwards to another via traditional domain forwarding (GoDaddy), I’m pretty sure that will not work, because you can’t attach the cert for the first domain to the second domain/site.
If it was just straight DNS forwarding, then yes, as long as GoDaddy does not terminate the HTTP/HTTPS connections (and then redirect within the HTML content).
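
A pre-flight check for the failure shown in this thread, as an added example that is not part of either post: before requesting a certificate, it confirms that a name resolves to the server running nginx and that a probe file under /.well-known/acme-challenge/ comes back unchanged rather than as a forwarding page. The probe file, the `preflight` function and its verdict names are assumptions of this example.

```python
import socket
import urllib.error
import urllib.request

ACME_PREFIX = "/.well-known/acme-challenge/"

def resolve(name):
    """Addresses the name resolves to; empty set when DNS has no answer."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, 80)}
    except socket.gaierror:
        return set()

def fetch(name, token):
    """GET the challenge URL over plain HTTP; return the body, or None on failure."""
    url = "http://" + name + ACME_PREFIX + token
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # a 4xx/5xx answer still has a body
        return err.read(4096).decode("utf-8", "replace")
    except (urllib.error.URLError, OSError):
        return None

def preflight(name, server_ip, token, expected, resolve=resolve, fetch=fetch):
    """Return (verdict, detail) for one name before asking for a certificate.

    token/expected: name and content of a probe file the operator has placed
    under ACME_PREFIX on the server (an assumption of this example); it stands
    in for the file the CA requests during http-01 validation.
    """
    addrs = resolve(name)
    if not addrs:
        return "no-dns", "name does not resolve"
    if server_ip not in addrs:
        # DNS points somewhere else, e.g. at a registrar's forwarding host.
        return "wrong-ip", "resolves to " + ", ".join(sorted(addrs))
    body = fetch(name, token)
    if body is None:
        return "unreachable", "no HTTP answer on port 80"
    if body.strip() == expected:
        return "ok", "probe served by this server"
    if "<iframe" in body.lower() or "<html" in body.lower():
        return "intercepted", "an HTML page answered instead of the probe"
    return "mismatch", body[:60]
```

Run `preflight` once per `-d` name passed to certbot; only names that return `ok` can be expected to pass an http-01 challenge.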

