Renewing Certificate Fails

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: buddysallstars.com

I ran this command:
certbot certonly --quiet --keep-until-expiring --webroot -w /var/www/ -d buddysallstars.com -d www.buddysallstars.com

It produced this output:
Failed authorization procedure. buddysallstars.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.buddysallstars.com./.well-known/acme-challenge/6kf9Xgb2xtuzE1COJDjeZXT1RcuoVYES94_Q9F-T3Aw: Invalid hostname in redirect target, must end in IANA registered TLD

My web server is (include version):
nginx version: nginx/1.10.3 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 16.04.5 LTS

My hosting provider, if applicable, is:
Amazon Web Services

I can log in to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.14.2

Hi @jon-childs

com is a top-level domain. But there is a dot after com; that's wrong. Checking your domain via https://check-your-website.server-daten.de/?q=buddysallstars.com - yep, there really is a curious redirect:

Domainname Http-Status redirect Sec. G
http://buddysallstars.com/
98.124.199.55 302 http://www.buddysallstars.com. 0.364 D
http://www.buddysallstars.com. 301 https://www.buddysallstars.com/ 0.507 A
http://www.buddysallstars.com/
34.215.212.173 301 https://www.buddysallstars.com/ 0.340 A
http://www.buddysallstars.com/
54.71.200.142 301 https://www.buddysallstars.com/ 0.340 A
https://buddysallstars.com/
98.124.199.55 -2 1.514 V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 98.124.199.55:443
https://www.buddysallstars.com/
34.215.212.173 200 2.527 I
https://www.buddysallstars.com/
54.71.200.142 200 2.024 I
http://www.buddysallstars.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
34.215.212.173 301 https://www.buddysallstars.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 0.343 A
Visible Content: 301 Moved Permanently nginx/1.10.3 (Ubuntu)
http://www.buddysallstars.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
54.71.200.142 301 https://www.buddysallstars.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 0.347 A
Visible Content: 301 Moved Permanently nginx/1.10.3 (Ubuntu)
http://buddysallstars.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
98.124.199.55 -1 0.363 U
Interner Fehler: Unable to read data from the transport connection: The connection was closed.
Visible Content:
https://www.buddysallstars.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 404 1.680 A
Not Found

The first row - a dot is added. And checking

• http://buddysallstars.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

crashes (looks like a bug in my tool I should fix), but checking that URL manually, there is the dot:

Location: http://www.buddysallstars.com./.well-known/acme-challenge/1234

So find your port 80 vHost and change your rewrite rule.
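
An added example, not part of the original posts: a small Python check that walks a redirect chain one hop at a time and reports every `Location` whose hostname ends in a dot, the condition the validation error above complains about. The names `fetch_location`, `audit_redirects`, `SAMPLE` and `sample_fetch` are assumptions made for this sketch, and the sample responses are constructed from the redirect quoted in the thread.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECTS = (301, 302, 303, 307, 308)

def fetch_location(url):
    """Issue one GET without following redirects; return (status, Location)."""
    parts = urlsplit(url)
    https = parts.scheme == "https"
    conn_cls = http.client.HTTPSConnection if https else http.client.HTTPConnection
    conn = conn_cls(parts.netloc, timeout=10)
    try:
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def audit_redirects(url, fetch=fetch_location, max_hops=10):
    """Walk the chain hop by hop; report each redirect whose target host ends in a dot."""
    findings = []
    for _ in range(max_hops):
        status, location = fetch(url)
        if status not in REDIRECTS or not location:
            break
        target = urljoin(url, location)  # Location may be relative
        host = urlsplit(target).hostname or ""
        if host.endswith("."):
            findings.append((url, status, target))
        url = target
    return findings

# Constructed sample: the Location header is the one quoted in the thread;
# the other hops and status codes are filled in for illustration.
PATH = "/.well-known/acme-challenge/1234"
SAMPLE = {
    "http://buddysallstars.com" + PATH: (302, "http://www.buddysallstars.com." + PATH),
    "http://www.buddysallstars.com." + PATH: (301, "https://www.buddysallstars.com" + PATH),
    "https://www.buddysallstars.com" + PATH: (404, None),
}

def sample_fetch(url):
    """Offline stand-in for fetch_location, backed by SAMPLE."""
    return SAMPLE[url]

if __name__ == "__main__":
    start = "http://buddysallstars.com" + PATH
    for source, status, target in audit_redirects(start, sample_fetch):
        print(f"{source} -> {status} -> {target}  (trailing dot in host)")
```

Calling `audit_redirects(url)` without the second argument uses `fetch_location` against the live server, which is useful for confirming the port 80 vHost fix before the next renewal attempt.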

Hi @JuergenAuer, thanks for your reply! That is a very curious redirect. It’s strange because it is set up as so many of our other sites are. I’ll have to dig for a discrepancy.
