I removed those entries and now my site appears to be working. Certbot still not able to renew though.
Trying on lukehero.com
A couple of days ago this site worked just fine and all my sites have been running with IPv6 with no issues, not sure what has changed to cause this.
There is the ipv6.
Checked now:
| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| lukehero.com | A | 173.255.202.118 | yes | 1 | 0 |
| AAAA | 2600:3c00::f03c:91ff:feb8:11d3 | yes | |||
| www.lukehero.com | A | 173.255.202.118 | yes | 1 | 0 |
| AAAA | 2600:3c00::f03c:91ff:feb8:11d3 | yes |
Linode takes a while to apply DNS changes - your IPv6 address is still present.
One left field fix you can try in each server:
listen 80;
listen [::]:80;
Based on the theory that nginx is not properly routing the virtualhosts for IPv6 sockets.
Oh, that's terrible:
| Domain: | lukehero.com |
|---|---|
| Primary: | ns1.linode.com |
| Mail: | heyluke.pm.me |
| Serial: | 2019022330 |
| Refresh: | 14400 |
| Retry: | 14400 |
| Expire: | 1209600 |
| TTL: | 86400 |
It appears that I can now renew my certs since doing this. Even on sites with IPv6 still enabled.
Now your ipv6 is gone.
| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| lukehero.com | A | 173.255.202.118 | yes | 1 | 0 |
| AAAA | yes | ||||
| www.lukehero.com | A | 173.255.202.118 | yes | 1 | 0 |
| AAAA | yes |
And you have a new certificate:
CN=lukehero.com
24.02.2019
25.05.2019
expires in 90 days lukehero.com - 1 entry
But you have both dns entries (www and non-www). So you should create one certificate with both domain names and use that.
Currently, your www version is insecure:
| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| • http://lukehero.com/ | ||||
| 173.255.202.118 | 301 | https://lukehero.com/ | 0.300 | A |
| • http://www.lukehero.com/ | ||||
| 173.255.202.118 | 404 | 0.293 | M | |
| Not Found | ||||
| • https://lukehero.com/ | ||||
| 173.255.202.118 | 200 | 6.694 | B | |
| • https://www.lukehero.com/ | ||||
| 173.255.202.118 | 200 | 6.440 | N | |
| Certificate error: RemoteCertificateNameMismatch |
I shall remove the www from my dns.
It looks like things are working now since adding the listen [::]:80; to my sites-enabled files.
Yep, you have two options:
If it is a domain, (2) is preferred. If it is a subdomain, www.+ subdomain isn't really required.
Thank you immensely @_az and @JuergenAuer I am very grateful for your help with this.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.