Received 2 certificate(s), first certificate had names


#1

Please fill out the fields below so we can help you better.

My domain is:
http://www.nanneworld.nl

(This is the one I selected during the setup. I have several domain name running on the server. Incl the Domain lappen.nl which is mentioned underneath .

I ran this command:
certbot --apache

It produced this output:
Domain: lappen.nl
Type: unauthorized
Detail: Incorrect validation certificate for TLS-SNI-01 challenge.
Requested
048404b1145f75805b4eb6ca44cef68b.6a39a44d37472acb5a370809f1c5016e.acme.invalid
from 145.131.10.160:443. Received 2 certificate(s), first
certificate had names “*.argewebhosting.nl, argewebhosting.nl

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.

My operating system is (include version):
Linux version 3.2.0-4-amd64 (debian-kernel@lists.debian.org) (gcc version 4.6.3 (Debian 4.6.3-14) ) #1 SMP Debian 3.2.81-2

My web server is (include version):
Server version: Apache/2.4.10 (Debian)
Server built: Sep 15 2016 20:44:43

My hosting provider, if applicable, is:
I have a VPS. But domain name is redirected from the hosing compagnie. “Argewebhosting.nl

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No

I receive the above error. And I have an redirect.
I got some A records. e.g. @ A 617 and IP
www A 617 and IP

I hope someone can help me out how to use letsEncrypt in combination with a DNS from an other company. Unfortunately I could not find a answer. Incl the use of DNS challenge :frowning:


#2

You have a VPS but also have a “redirect”? What do you mean with “redirect”?

Because:

  • lappen.nl has the IP address 145.131.10.160 and gives a “404 File Not Found” error;
  • www.lappen.nl has the IP address 149.210.228.205 and redirects to http://www.lappen.nl/auth/login

What does www.nanneworld.nl have to do with this all?


#3

Hello Osiris,

First, thanks for you swift reply.
When I run certbot --apache, I receive a list with multiple domain names. I can make a selection by moving the arrow key and I selected www.nanneworld.nl

So that’s why I wrote the nanneworld.nl

I registred a couple of domain names at argeweb.nl . Incl the name listed above. At argeweb.nl I use the DNS option to “Redirect” these name towards my VPS on 149.210.228.205. I hope I explained it a little bit.

Kr


#4

Well, actually, you selected all the domains. With the space bar, you can toggle the * before the hostnames. I.e., you can switch between [*] (= selected) and [ ] (= not selected).

Anyway, I think with “redirect” you mean something like “point at”, I hope. Because there are also services which are advertised as a redirect service: you type in ‘example.com’ in the browser and the browser will connect to the hosting provider. The hosting provider will provide a very short HTML page with an “iframe” in the page, which has the source pointed to the intended website. As you can read, such a service is quite cumbersome and such a service will not work properly with Let’s Encrypt.
On the other hand, if you use “redirect” like: “I went to the control panel of my DNS provider and I typed in the IP address of my VPS after a specific hostname”, you should be fine.

Still, the IP addresses for lappen.nl and www.lappen.nl differ: are they supposed to point to the same IP address, i.e., your VPS server? I’m guessing the IP address behind www.lappen.nl (149.210.228.205) is the correct one, because I can see a Let’s Encrypt certificate behind it:

osiris@desktop ~ $ echo "" | openssl s_client -connect 149.210.228.205:443 2>/dev/null | openssl x509 -noout -text | grep -A 1 "Subject Alternative Name"
            X509v3 Subject Alternative Name: 
                DNS:efcpw.nl, DNS:lappen.nl, DNS:vinzworld.nl, DNS:www.efcpw.nl, DNS:www.lappen.nl, DNS:www.nanneworld.nl, DNS:www.vinzworld.nl
osiris@desktop ~ $ 

So the reason why lappen.nl doesn’t work: it is pointing to the wrong IP address.


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.