Is it at all possible to change the domain of a certificate? Due to a misunderstanding with the registrar the first domain expired, and I had to change domains. (Site isn’t production yet).
Is it possible to change the domain (from .com to .org) or do I need to create a new certificate? The latter has created an endless series of errors along the lines of urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect TXT record
I’ve checked the TXT records with mxlookup and manually and they come out correct according to the letsencrypt process.
I’ve cleared the letsencrypt settings files.
I’ve removed/purged letsencrypt and reinstalled it again.
Either way, since your new domain is the .org, that should be the first one to enter.
@rg305, Those two domains are from two different registrars. They’re definitely not on the same server as one is in Sweden and the other in the USA. But checking the .com domain, the name servers are listed in register.com’s “expireddomains” subdomain… a “holding tank” of expired domains for lack of a better term. But it doesn’t expire until 2020-10-25. Maybe Register.com just hasn’t moved the domain back to “real” name servers yet?
Trying the certonly -d stanza with the .org first produces the same error:
Performing the following challenges:
http-01 challenge for www.liberalismonline.com
Input the webroot for www.liberalismonline.com: (Enter 'c' to cancel): /opt/bitnami/apps/wordpress/htdocs
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.liberalismonline.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.liberalismonline.com/.well-known/acme-challenge/ShYG6UIPvR-fSOE5QtBI0Mv2rHL5ayGaIQLCw_YVFtA [208.91.197.44]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
IMPORTANT NOTES:
 - The following errors were reported by the server:
   Domain: www.liberalismonline.com
   Type: unauthorized
   Detail: Invalid response from http://www.liberalismonline.com/.well-known/acme-challenge/ShYG6UIPvR-fSOE5QtBI0Mv2rHL5ayGaIQLCw_YVFtA [208.91.197.44]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
   To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain
208.91.197.44 Road Town/Tortola/British Virgin Islands (VG) - Confluence Networks Inc No Hostname found
no
has a completely different ip address.
It's not relevant if you have a local definition with the com domain name. The public name server must have the correct entry -> you must be the domain owner and you have to change your A entry.
They seem to be on different servers because the registrar has moved the domain to some kind of holding server thingy. They’ve always been on the Amazon web hosting in Germany. The current .org server also has the .com certificate. The only way .com can be on another server is that the registrar is redirecting the domain to their own servers. The main site is on the Germany server.
The main problem, however, is how do I remove the .com certificate and replace it with a .org certificate? I keep getting the errors given above no matter what I try to do.
Failed authorization procedure. liberalismonline.org (dns-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect TXT record "_acme-challenge.liberalismonline.org=mksOnDWiAlTjA7HxynJtYVmwbRM_w7pS0qNezHsPzA0" (and 1 more) found at _acme-challenge.liberalismonline.org, liberalismonline.org (dns-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect TXT record "_acme-challenge.liberalismonline.org=mksOnDWiAlTjA7HxynJtYVmwbRM_w7pS0qNezHsPzA0" (and 1 more) found at _acme-challenge.liberalismonline.org
IMPORTANT NOTES:
 - The following errors were reported by the server:
   Domain: liberalismonline.org
   Type: unauthorized
   Detail: Incorrect TXT record "_acme-challenge.liberalismonline.org=mksOnDWiAlTjA7HxynJtYVmwbRM_w7pS0qNezHsPzA0" (and 1 more) found at _acme-challenge.liberalismonline.org
   Domain: liberalismonline.org
   Type: unauthorized
   Detail: Incorrect TXT record "_acme-challenge.liberalismonline.org=mksOnDWiAlTjA7HxynJtYVmwbRM_w7pS0qNezHsPzA0" (and 1 more) found at _acme-challenge.liberalismonline.org
   To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
and I get
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/liberalismonline.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/liberalismonline.com/privkey.pem
   Your cert will expire on 2020-03-02. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew all of your certificates, run “certbot renew”
But when I visit the site I see a broken certificate and this
I believe each domain name should be preceded with -d and not have a comma between them.
Did you read the certbot user guide as @JuergenAuer suggested?
Yes, of course it’s a png on ownCloud. And yes it’s my domain/site. The thing is what the png shows - that the domain still claims the certificate is for liberalismonline.com not .org despite the message that certbot changed the domain to .org.
And yes I read the document, the command I used is from the manual, changing example.org to liberalismonline.org. Which I would’ve guessed was obvious due to the status of the command that I posted.
You mean as in post 9?
I've already installed the .com certificate once - there are no docs on how to change it to .org that I found. I could possibly set up a load balancer and install a .org-certificate on that to point to the site. Looks like complete overkill, even if it would be possible.
This is a bit "confusing".
You're asking for certificates for .org whilst calling the cert by a .com name.
There is no .com name in that cert... ~ ~ ~ creating confusion ~ ~ ~
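Added example, not written by any poster in this thread and not certbot code: a small triage script that reads the two ACME "Detail:" strings quoted above and says what each one implies. The `diagnose` helper and the address 203.0.113.10 (a constructed placeholder for the real server IP) are assumptions; the http-01 detail is shortened after the IP address.

```python
import re

# Failure details as reported by the ACME server (copied from the outputs in this thread).
HTTP01_DETAIL = ('Invalid response from http://www.liberalismonline.com/.well-known/'
                 'acme-challenge/ShYG6UIPvR-fSOE5QtBI0Mv2rHL5ayGaIQLCw_YVFtA '
                 '[208.91.197.44]: ...')
DNS01_DETAIL = ('Incorrect TXT record "_acme-challenge.liberalismonline.org='
                'mksOnDWiAlTjA7HxynJtYVmwbRM_w7pS0qNezHsPzA0" (and 1 more) found at '
                '_acme-challenge.liberalismonline.org')

# A dns-01 TXT value is the unpadded base64url SHA-256 digest of the
# key authorization, which is always exactly 43 characters long.
DNS01_VALUE = re.compile(r'^[A-Za-z0-9_-]{43}$')


def diagnose(detail, expected_ips=()):
    """Return a list of findings for one ACME 'Detail:' string (hypothetical helper)."""
    findings = []
    m = re.search(r'Invalid response from (\S+) \[([0-9a-fA-F.:]+)\]', detail)
    if m:
        url, ip = m.groups()
        if expected_ips and ip not in expected_ips:
            findings.append(f'http-01 was answered by {ip}, not by this server; '
                            'fix the public A/AAAA record before retrying')
        else:
            findings.append(f'http-01 reached {ip} but {url} was not served; '
                            'check the webroot')
    m = re.search(r'Incorrect TXT record "([^"]*)".* found at (\S+)', detail)
    if m:
        value, name = m.groups()
        if DNS01_VALUE.match(value):
            findings.append(f'{name} holds a well-formed value that does not match '
                            'the current challenge; publish the value from this run')
        elif '=' in value and DNS01_VALUE.match(value.rsplit('=', 1)[1]):
            findings.append(f'{name} contains "name=value"; the record content '
                            'must be only the 43-character value')
        else:
            findings.append(f'{name} holds a malformed value: {value!r}')
    return findings


if __name__ == '__main__':
    # 203.0.113.10 is a constructed placeholder for the real server address.
    for d in (HTTP01_DETAIL, DNS01_DETAIL):
        for finding in diagnose(d, expected_ips={'203.0.113.10'}):
            print(finding)
```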