Punchsalad.com Util Can’t Get Domain to Verify

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: ptpowdercoat.com

I ran this command: Using Punchsalad.com SSL Certificate Generator

It produced this output: DNS TXT records say okay, but can’t get it to verify domain... just spins out in space and then stops. No error message, no french fries, no nothing.

My web server is (include version): Linux CPanel Shared hosted

The operating system my web server runs on is (include version): Linux

My hosting provider, if applicable, is: GoDaddy

I can login to a root shell on my machine (yes or no, or I don't know): I don't know.

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): CPanel 86.0.30

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

2 Likes

Welcome to the Let's Encrypt Community 🙂

While I could offer to help you with that service, I would rather just offer you a much better solution. I developed CertSage specifically for GoDaddy cPanel shared hosting users. It's much faster to use (and far more secure) than the service you've mentioned. If you're interested in saving a boatload of time and avoiding a lot of frustration, just let me know.

2 Likes

Your TXT records were created correctly. I'm assuming that you're trying to create a wildcard certificate, which is likely not necessary and may cause you issues later.

If you use CertSage, you don't need to create these TXT records every 60 days AT ALL. You also won't be exposing your server's private key to a third party service (like you probably are now).

2 Likes

Yes, wildcard was recommended by the generating utility site for domain forwarded as a subdomain. Looking for free to start.

2 Likes

I'm checking something... one second.

2 Likes

Why are you using GoDaddy's domain forwarding instead of just putting the actual IP address of your hosting webserver in your DNS A record?

CertSage is completely free, by the way. I want to make sure it will work for you though. Domain forwarding creates a number of problems, which is why I asked the question above.

2 Likes

Existing paid hosting for other domain. Want to use existing space for new domain. Assumed masked forwarding was the way.

2 Likes

Ah. Makes sense. The challenge is that the certificate will need to be installed on the hosting server, not the DNS provider. Is the hosting account to which you are forwarding also hosted with GoDaddy? I'm guessing not based on the nginx response instead of apache.

2 Likes

Yes. Client owns company for first domain. Bought bldg next door, and wants new company website in existing space. Both GoDaddy.

2 Likes

Interesting. Is the hosting managed with cPanel? I've just never known GoDaddy to use an nginx webserver.

2 Likes

cPanel is legacy utility available for existing sites. They are downplaying it lately.

2 Likes

So if I'm understanding correctly, you're forwarding ptpowdercoat.com to a subdomain of an existing domain name where that subdomain points to the webroot folder of the content for ptpowdercoat.com. Are you actually using cPanel to manage the webserver configuration or are you managing it directly through the nginx configuration files?

2 Likes

Subdomain setup is via DNS Mgmt area of GoDaddy site... cPanel used to manually install certs, etc. for SSL.

2 Likes

So here's the rub... if you look at the certificate currently being served for https://ptpowdercoat.com, you'll see that it's this:

Since your visitors will initially be connecting to GoDaddy's forwarding server (which CANNOT have your certificate installed on it), your visitors will always receive security warnings, no matter what certificate you install on the hosting.

2 Likes

Possible reconfiguration?:... create a subdomain of 1st domain, point 2nd domain to newly created subdomain area, and then recert the top domain including all sub-domains?

2 Likes

If the certificate were somehow "forwarded" from your hosting webserver, you would likely see a certificate for a random website hosted on that server since server name indication (SNI) wouldn't yet find a certificate for ptpowdercoat.com on that webserver. In that scenario, you could just install a certificate for ptpowdercoat.com on that webserver and be fine. Unfortunately, that's not how SSL works.

2 Likes

Basically, the certificate presented by the webserver MUST match the (sub)domain name in the address bar of a visitor's browser. If not, the certificate is invalid.

3 Likes
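The name-matching rule described in the post above, as an added example that is not part of the original thread or of any tool mentioned in it. The sample certificates are constructed, and every host name other than ptpowdercoat.com is a placeholder; the matcher follows the common RFC 6125 convention that a wildcard stands for exactly one leftmost label.

```python
import socket
import ssl

def name_matches(pattern: str, hostname: str) -> bool:
    """True if one certificate DNS name covers hostname.
    '*' is honoured only as the whole leftmost label and covers exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):          # a wildcard never spans or drops labels
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h

def covers(cert: dict, hostname: str) -> bool:
    """cert is a dict in the shape returned by SSLSocket.getpeercert()."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return any(name_matches(name, hostname) for name in sans)

def fetch_cert(hostname: str, port: int = 443, timeout: float = 10.0) -> dict:
    """Live check: the certificate the server presents for this SNI name.
    The chain is still validated; only the hostname check is deferred to covers()."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()

# Constructed samples (placeholders, not real certificates).
FORWARDER_CERT = {"subjectAltName": (("DNS", "forwarder.example.net"),)}
WILDCARD_CERT = {"subjectAltName": (("DNS", "*.first-domain.example"),
                                    ("DNS", "first-domain.example"))}
SITE_CERT = {"subjectAltName": (("DNS", "ptpowdercoat.com"),
                                ("DNS", "www.ptpowdercoat.com"))}

def report(hostname: str) -> dict:
    """Which of the constructed certificates would be valid for hostname."""
    return {
        "forwarding server cert": covers(FORWARDER_CERT, hostname),
        "wildcard for first domain": covers(WILDCARD_CERT, hostname),
        "cert issued for the site": covers(SITE_CERT, hostname),
    }

if __name__ == "__main__":
    for label, ok in report("ptpowdercoat.com").items():
        print(f"{label}: {'matches' if ok else 'MISMATCH'}")
    # Uncomment for a live check against the server actually answering on 443:
    # print(covers(fetch_cert("ptpowdercoat.com"), "ptpowdercoat.com"))
```

A wildcard issued for the first domain matches its subdomains only, so the browser still rejects it when the address bar shows ptpowdercoat.com.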

Yeah, I figured it was strange when I wrote that... I have been at work for 12 hours, and I think I'm getting fuzzy on my logic. I am open to any suggestions you may have to solve this dual use of same space. I will check back tomorrow. I am toast for tonight. Thanks.

2 Likes

No worries, my friend. The only true solution is to ensure that the webserver configuration can recognize ptpowdercoat.com. If you have admin access to the hosting webserver, try running sudo nginx -T. If you can see the webserver configuration files, there may be a way to just add ptpowdercoat.com directly, which should work beautifully. You could instead try the "Add-on domains" functionality in cPanel to just add ptpowdercoat.com, which should create a ptpowdercoat.com folder under the public_html folder. The contents of the ptpowdercoat.com website should go in that ptpowdercoat.com folder.

2 Likes

I got certs to work (after upgrading the hosting to deluxe.) So, now about CertSage. What is the scoop? What can it do for cert process?

2 Likes