SSL on subdomain | nginx, proxypass, local web server


#1

I’ve already activated an SSL cert through Let’s Encrypt on my domain (anomaly.exposed, www.anomaly.exposed) however I added a subdomain “lolisafe”. Lolisafe is a file uploading service which runs on localhost:9999 with a local web server on nodejs.

Domain: lolisafe.anomaly.exposed
Type: connection
Detail: DNS problem: SERVFAIL looking up A for
lolisafe.anomaly.exposed

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.

My nginx.conf, site.conf, and lolisafe.conf can be found on my github. Of course certain location blocks have been removed for security reasons (things like phpmyadmin, private directories, etc) but the important bits are there.

I think I’m supposed to use the --webroot option? But I’m not too sure.

If you’re running a local webserver for which you have the ability to modify the content being served, and you’d prefer not to stop the webserver during the certificate issuance process, you can use the webroot plugin

I don’t mind shutting the server down to run certbot again but I still don’t know if that will work and I can’t really test this because of the rate limit set by Let’s Encrypt.


#2

Your authoritative nameservers (pdns1.registrar-servers.com., pdns2.registrar-servers.com.) delegate lolisafe.anomaly.exposed. to … itself … in addition to sending an A record.

;; AUTHORITY SECTION:
lolisafe.anomaly.exposed. 300   IN      NS      lolisafe.anomaly.exposed.

;; ADDITIONAL SECTION:
lolisafe.anomaly.exposed. 300   IN      A       76.122.98.37

However, that server does not seem to run a nameserver.

I think you need to withdraw that NS record, or at least tell us what the intended DNS setup is so we can guide you towards a correct setup.

Your questions about the web server setup are a bit premature to address until Let’s Encrypt can correctly resolve your domain, which is where it’s currently stuck.


#3

Removing the NS record did the job :smiley:

All three go to SSL now and are secure, (anomaly,www,lolisafe). Thanks a bunch!


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.