Sites still goes to ip address

Help
1

Hello everyone in the LE community! I am trying to secure 2 servers running Ubuntu 16.04, but I am running into issues with them. With one server, I can connect to the site with the domain name, yet it still says it’s not secure. After using whynopadlock.com it tells me that the common name does not match the hostname. I have checked all of my apache config files, and I don’t see the ip address anywhere it could be confused. The site address is genesisland.net, and here is the 000-default.conf:

<VirtualHost *:80>
    ServerName genesisland.net

    ServerAdmin nickd@miyuholdings.com
    DocumentRoot /var/www/html

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    Redirect "/" "https://genesisland.net/"
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =genesisland.net
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

And here is the default-ssl.conf:

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
            ServerAdmin nickd@miyuholdings.com
            ServerName genesisland.net

            DocumentRoot /var/www/html

            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined

            SSLEngine on
            SSLCertificateFile /etc/letsencrypt/live/genesisland.net/fullchain.pem
            SSLCertificateKeyFile /etc/letsencrypt/live/genesisland.net/privkey.pem

            <FilesMatch "\.(cgi|shtml|phtml|php)$">
                            SSLOptions +StdEnvVars
            </FilesMatch>
            <Directory /usr/lib/cgi-bin>
                            SSLOptions +StdEnvVars
            </Directory>

            BrowserMatch    "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

            Include /etc/letsencrypt/options-ssl-apache.conf
    </VirtualHost>

Now on to my other website. When I go to the domain name, it just goes right to the IP address still. As with the same above, I have changed all ServerName entries with the domain name. The domain for the site is sudoreum.com.
Here is the 000-defualt.conf:

<VirtualHost *:80>
    ServerName sudoreum.com

    ServerAdmin nickd@miyuholdings.com
    DocumentRoot /var/www/html

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    Redirect permanent  "/" "https://sudoreum.com/"
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =haracoin.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

and the default-ssl.conf:

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin nickd@miyuholdings.com
        ServerName sudoreum.com
        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch      "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

        SSLCertificateFile /etc/letsencrypt/live/sudoreum.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/sudoreum.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
    </VirtualHost>
</IfModule>

Any help would be appreciated, and if there is any more info needed, please let me know! Thank you for your time!

2

This website is not working for me at the moment.

This looks like the Site URL in WordPress is set incorrectly. Go into the WordPress administration interface and to the Settings page and update the Site URL to the correct value and it should stop redirecting visitors.

The other site may have the exact same issue if it also runs WordPress.

3

Ok, that makes sense. I have tried genesisland.net recently (even after clearing cache), and it still loads for me

4

Well, it isn’t broken for just me, it seems to be broken for everyone using Google Public DNS.

But strangely, www works even though it is a CNAME to the apex domain!

$ dig a genesisland.net

; <<>> DiG 9.11.1-P3 <<>> a genesisland.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18628
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;genesisland.net.               IN      A

;; AUTHORITY SECTION:
genesisland.net.        599     IN      SOA     ns19.domaincontrol.com. dns.jomax.net. 2017111602 28800 7200 604800 600

;; Query time: 91 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Nov 16 13:03:12 MST 2017
;; MSG SIZE  rcvd: 112

$ dig a www.genesisland.net

; <<>> DiG 9.11.1-P3 <<>> a www.genesisland.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16202
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.genesisland.net.           IN      A

;; ANSWER SECTION:
www.genesisland.net.    21599   IN      CNAME   genesisland.net.
genesisland.net.        3599    IN      A       198.199.110.196

;; Query time: 173 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Nov 16 13:03:24 MST 2017
;; MSG SIZE  rcvd: 78

I cannot reproduce this with some online DNS debugging tools so hopefully it will go away when Google evicts your donains from their cache.

EDIT: I saw it was working with dig, cleared Chrome’s DNS cache, and by then it had stopped working again.

$ dig a genesisland.net

; <<>> DiG 9.11.1-P3 <<>> a genesisland.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43441
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;genesisland.net.               IN      A

;; ANSWER SECTION:
genesisland.net.        3599    IN      A       198.199.110.196

;; Query time: 193 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Nov 16 13:16:20 MST 2017
;; MSG SIZE  rcvd: 60

$ dig a genesisland.net

; <<>> DiG 9.11.1-P3 <<>> a genesisland.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60193
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;genesisland.net.               IN      A

;; AUTHORITY SECTION:
genesisland.net.        437     IN      SOA     ns19.domaincontrol.com. dns.jomax.net. 2017111602 28800 7200 604800 600

;; Query time: 2083 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Nov 16 13:19:16 MST 2017
;; MSG SIZE  rcvd: 112

I suspect one, but not all, of your authoritative nameservers are acting up. I’ll investigate further.

5

Moved this to “Help” topic instead of “Server”.

6

I think I see the problem. A co-worker had done some work on the front page and had used some assets that still had the link to the ip address. I am going through and cleaning up the link addresses. Thank you for your help in figuring out what was wrong!

7

The DNS Check at Pingdom reports that the reverse DNS for some of Digital Ocean’s nameservers (which your website uses) is not working. It’s possible that Google Public DNS is more strict about checking this than some other resolvers.

Please contact Digital Ocean support and inform them that the DNS Check at Pingdom is reporting errors with their DNS servers, that these errors seem to be causing Google Public DNS to fail to resolve domains, and that at least one person can’t access your site because of this.

I’m glad you got the issue you came here with sorted out though! :grinning:

1 Like
8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.