Redirect Causing Possible Issue

For the “Invalid response from” errors on stanragets.com and www.stanragets.com, check what document roots Certbot is using in /etc/letsencrypt/renewal/stanragets.conf, and compare them to the Apache/Webuzo configuration for https://fineart.stanragets.com/. One side needs to be adjusted.

For the DNS problems, I’m not sure what’s wrong, but I can guess:

$ mhost -cnoS stanragets.com.
stanragets.com.  (unsigned)  10087  A    104.251.218.38
stanragets.com.  (unsigned)  14358  NS   ns1.stanragets.com.
stanragets.com.  (unsigned)  14358  NS   ns2.stanragets.com.
stanragets.com.  (unsigned)  86400  SOA  ns1.stanragets.com. sragets.104.251.218.38. 2017041102 86400 7200 3600000 86400
$ mhost -cnoS d.stanragets.com.
d.stanragets.com.  (unsigned)  14400  A    104.251.218.38
d.stanragets.com.  (unsigned)  14361  NS   ns1.example.com.
d.stanragets.com.  (unsigned)  14361  NS   ns2.example.com.
d.stanragets.com.  (unsigned)  86363  SOA  ns1.example.com. sragets.104.251.218.38. 2017041102 86400 7200 3600000 86400
$ mhost -cnoS design.stanragets.com.
design.stanragets.com.  (unsigned)  14400  A    104.251.218.38
design.stanragets.com.  (unsigned)  14400  NS   ns1.example.com.
design.stanragets.com.  (unsigned)  14400  NS   ns2.example.com.
design.stanragets.com.  (unsigned)  86400  SOA  ns1.example.com. sragets.104.251.218.38. 2017041102 86400 7200 3600000 86400
$ mhost -cnoS fineart.stanragets.com.
fineart.stanragets.com.  (unsigned)  14400  A    104.251.218.38
fineart.stanragets.com.  (unsigned)  14400  NS   ns1.example.com.
fineart.stanragets.com.  (unsigned)  14400  NS   ns2.example.com.
fineart.stanragets.com.  (unsigned)  86400  SOA  ns1.example.com. sragets.104.251.218.38. 2017041102 86400 7200 3600000 86400

It’s unusual, but not inherently problematic, for all of those to be separate zones (instead of just a few A records in the stanragets.com. zone).

But it’s potentially a problem that their NS records are incorrectly set to ns1/2.example.com..

I see a problem:

nslookup -q=ns design.stanragets.com. 8.8.8.8
design.stanragets.com nameserver = ns1.example.com
design.stanragets.com nameserver = ns2.example.com

nslookup -q=ns stanragets.com. 8.8.8.8
stanragets.com nameserver = ns2.stanragets.com
stanragets.com nameserver = ns1.stanragets.com

Well, it works as long as ya don’t listen to the child NS records.

But the CAA is always listening!
…or was that another 3 letter organization?

http://dnsviz.net/d/fineart.stanragets.com/dnssec/

I'm not seeing what needs changed here. Could you clarify please?

I'm also having trouble finding the ns1.example.com in the files on my system.

I’d still like to locate these example name servers and remove them.

So… I cheated a bit to get the SSL cert renewed. Inside Webuzo I removed the redirect. certbot renew worked perfectly as soon as I removed the redirection. It would be good to figure out how to fix the issue, but at least I got the certificate renewed before it expired.

There should be some unnecessary NS type entries in the DNS zone for the full FQDNs.
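
Added example, not part of any post in this thread: a Python check that scans DNS record lines in the layout quoted above and flags NS and SOA nameservers under the RFC 2606 reserved example domains, as one way to locate the placeholder entries being discussed. The sample input is constructed from records quoted in the thread, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: record lines in the "name (unsigned) ttl type data" layout
# quoted in the thread, trimmed to two of the names discussed.
SAMPLE = """\
stanragets.com.  (unsigned)  14358  NS   ns1.stanragets.com.
stanragets.com.  (unsigned)  14358  NS   ns2.stanragets.com.
stanragets.com.  (unsigned)  86400  SOA  ns1.stanragets.com. sragets.104.251.218.38. 2017041102 86400 7200 3600000 86400
fineart.stanragets.com.  (unsigned)  14400  A    104.251.218.38
fineart.stanragets.com.  (unsigned)  14400  NS   ns1.example.com.
fineart.stanragets.com.  (unsigned)  14400  NS   ns2.example.com.
fineart.stanragets.com.  (unsigned)  86400  SOA  ns1.example.com. sragets.104.251.218.38. 2017041102 86400 7200 3600000 86400
"""

# Reserved for documentation by RFC 2606, so a nameserver under one of these
# is a leftover placeholder rather than a real delegation target.
RESERVED = ("example.com.", "example.net.", "example.org.")
LINE = re.compile(r"^(\S+)\s+\(\w+\)\s+(\d+)\s+(\S+)\s+(.+)$")

def parse(text):
    """Return {owner: {rtype: [rdata, ...]}} from record lines in the layout above."""
    zones = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            owner, _ttl, rtype, rdata = m.groups()
            zones[owner.lower()][rtype.upper()].append(rdata.strip())
    return zones

def is_reserved(host):
    """True if host is, or sits under, one of the reserved example domains."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in RESERVED)

def audit(text):
    """List (owner, rtype, value) findings that name a placeholder nameserver."""
    findings = []
    for owner, rrsets in sorted(parse(text).items()):
        for ns in rrsets.get("NS", []):
            if is_reserved(ns):
                findings.append((owner, "NS", ns))
        for soa in rrsets.get("SOA", []):
            mname = soa.split()[0]  # first SOA field is the primary nameserver
            if is_reserved(mname):
                findings.append((owner, "SOA", mname))
    return findings

if __name__ == "__main__":
    for owner, rtype, value in audit(SAMPLE):
        print(f"{owner} {rtype} -> {value} (placeholder, replace or remove)")
```

Feeding it the output of the same lookups for every hosted name shows which zones still carry the placeholder NS and SOA values.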
