My domain is: bhavikji.com. I have created a subdomain, demoapi.bhavikji.com. It was working fine, but suddenly it stopped. This is the second time this has happened.
I ran this command: sudo certbot --apache -d demoapi.bhavikji.com to create a new certificate, and I got the success message. The server is running on Ubuntu 18.04.
My hosting provider, if applicable, is: Digital Ocean
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): Certbot 0.26.1
What should I do? It is working fine on the main domain, but I am facing these issues on subdomains.
SendFailure - The underlying connection was closed: An unexpected error occurred on a send. The handshake failed due to an unexpected packet format.
IPv6 + http has a redirect, IPv4 + http does not. https + IPv6 is wrong: port 443 answers with http content (instead of https).
Is your IPv6 configured? If not, remove the IPv6 address.
https works correctly only with IPv4.
But your /.well-known/acme-challenge is redirected to https. Let's Encrypt prefers IPv6; a wrong certificate isn't a problem. Sending http over port 443 is a problem.
A DNS "Name Error" means: no www DNS entry defined. This isn't a problem.
The subdomain check-your-website.server-daten.de doesn't have a www-version www.check-your-website.server-daten.de, there would be the same "Name Error".
There it is listening on the correct ports. The entire file looks like this:
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
And I am pretty sure that the vhosts point to the same ports as in the conf files (demoapi.bhavikji.com.conf points to *:80, whereas demoapi.bhavikji.com-le-ssl.conf points to 206.189.141.216:443).
If you want to use both IPv4 and IPv6, you will need to include both.
Change the vhost block like:
<VirtualHost *:80 [::]:80>
or
<VirtualHost *:443 [::]:443>
And don't include the port after a servername.
Like: servername www.mydomain:443
[this is bad practice]
@rg305 I have subdomains, so I can't put *:443; I put the port after the IP in the vhost. However, even after that the ports are redirecting correctly, but I am facing the issue.
I don't understand what "subdomains" have to do with IP:port bindings.
OK, then if you need both IPv4 and IPv6, put both your IPs and their ports in the vhost block:
Something like this example (change to your IPs):
<VirtualHost 4.3.2.1:80 [2001:4321:abcd::1ab2]:80>
[but this is usually not recommended for reasons like IPs can change, what if the real IP is NOT on the host (host is behind NAT)]
It really is much simpler to use * than to type the IPs into every vhost block.
[and it is far too easy to make a typing mistake - especially with long IPv6 addresses]
@rg305 Earlier I was facing an issue with redirection, so to avoid that I had to put the IP in the vhost for the subdomain, because even from the subdomain it was redirecting back to the main domain. What are the best practices for working with subdomains?
That sounds like the redirection is not correct.
I would start looking at that first.
Make sure it does exactly what you want it to do, then continue with cert request(s).
You can show the redirections here if you need help (or opinion) with them.
@rg305 When I first created the subdomain, it was redirecting back to the main domain. I spoke with DO and they told me there is some issue in SSL. I figured out that the vhost was redirecting all requests to the main domain using *:443; to fix that, I added the IPv4 address with :443. Now I am facing the issue which I have described here. I have 2 subdomains and none of them is working properly.
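An added example, not part of any post in this thread: a small checker for the mismatch discussed above, where a TLS vhost is bound to an IPv4 address only while the name is also reachable over IPv6, so port 443 over IPv6 has no `SSLEngine on` vhost to answer it. The function names and the sample vhost bodies are assumptions; only the two bindings (`*:80` and `206.189.141.216:443`) come from the thread.

```python
import re

# Constructed sample: the two bindings quoted in the thread; the vhost bodies are assumed.
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName demoapi.bhavikji.com
</VirtualHost>
<VirtualHost 206.189.141.216:443>
    ServerName demoapi.bhavikji.com
    SSLEngine on
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
SSL_ON_RE = re.compile(r"^\s*SSLEngine\s+on\b", re.I | re.M)


def split_addr(addr):
    """Split a vhost address into (host, port); port is None when omitted."""
    if addr.endswith("]") or ":" not in addr:
        return addr, None
    host, port = addr.rsplit(":", 1)
    return host, port


def tls_families(conf, port="443"):
    """Address families covered by an 'SSLEngine on' vhost bound to `port`."""
    covered = set()
    for addrs, body in VHOST_RE.findall(conf):
        if not SSL_ON_RE.search(body):
            continue
        for addr in addrs.split():
            host, p = split_addr(addr)
            if p not in (None, "*", port):
                continue
            if host in ("*", "_default_"):
                covered |= {"ipv4", "ipv6"}  # wildcard matches any local address
            else:
                covered.add("ipv6" if host.startswith("[") else "ipv4")
    return covered


def missing_tls(conf, published=("ipv4", "ipv6")):
    """Families published in DNS (A/AAAA) with no TLS vhost on port 443."""
    return sorted(set(published) - tls_families(conf))


if __name__ == "__main__":
    print(missing_tls(SAMPLE_CONF))
```

Pass `published=("ipv4",)` when the name has no AAAA record; an empty result means every published address family has a TLS vhost on 443.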