Subdomain not secure even after adding dns record

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://turkey.ispaceone.com/

I ran this command:

It produced this output: not secure

My web server is (include version): VPS windows 2019

The operating system my web server runs on is (include version): Windows 2019

My hosting provider, if applicable, is: godaddy

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): plesk

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

1 Like

Is there a Plesk panel there?

I see a certificate with:

subject=/C=CH/L=Schaffhausen/O=Plesk/CN=Plesk/emailAddress=info@plesk.com
issuer=/C=CH/L=Schaffhausen/O=Plesk/CN=Plesk/emailAddress=info@plesk.com

I don't see an issued cert that covers the subdomain:
crt.sh | ispaceone.com

Adding a DNS record alone it not enough.

3 Likes

yes we are using plesk panel for windows

1 Like

Then follow the instructions on how to use it to secure a subdomain.

2 Likes

we have done all the steps but still its not working

1 Like

Well then, to me, that seems like a Plesk panel problem.

2 Likes

i dont thhink its a plesk issue

in plesk it say that the txt dns record we added cant be found but it does exist and for some reason it cant be found

Which TXT are you talking about?

I see:

ispaceone.com   nameserver = ns37.domaincontrol.com
ispaceone.com   nameserver = ns38.domaincontrol.com

nslookup -q=TXT _acme-challenge.turkey.ispaceone.com ns37.domaincontrol.com
*** UnKnown can't find _acme-challenge.turkey.ispaceone.com: Non-existent domain

nslookup -q=TXT _acme-challenge.turkey.ispaceone.com ns38.domaincontrol.com
*** UnKnown can't find _acme-challenge.turkey.ispaceone.com: Non-existent domain
3 Likes

we added the following dns record but it says that it cant find it:

TXT
acme-challenge.turkey
kgE0DrnyPCIjoRxn23t-evNtCal4qfQhhZDxjkPf_k4
1 Hour

1 Like

we fixed the problem we did it without selecting wildcard while installing the certificate

1 Like

Should be:
_acme-challenge.turkey

nslookup -q=TXT acme-challenge.turkey.ispaceone.com ns38.domaincontrol.com
acme-challenge.turkey.ispaceone.com     text =
        "O9uHW2BSENMILNodCzyBe-XjAVp1zeY-Ab7AGv-tibk"

nslookup -q=TXT _acme-challenge.turkey.ispaceone.com ns38.domaincontrol.com
*** UnKnown can't find _acme-challenge.turkey.ispaceone.com: Non-existent domain
3 Likes

It seems that your wildcard request failed because they require a DNS TXT record to be created and you had a TYPO in that entry [missing the leading underscore].

The subsequent "workaround" (trying to obtain a non-wildcard cert) likely only worked because that did NOT require a DNS change and used HTTP authentication instead.

Note: Although it is a valid solution to this problem, you should "learn" why the previous request failed.
[In the event that you should ever require a wildcard cert, you will be better prepared to get one.]

2 Likes

we actually tried both versions and neither of them worked, so finally had to apply the workaround and then we were able to edit it to make it a wildcard

I don't see any wildcard ever having been issued for that domain:
crt.sh | ispaceone.com

2 Likes

we tried both versions and i have no idea why it didnt work

Something worked.
I suppose it was when using HTTP authentication.

As for the DNS authentication, you need to ensure all authoritative DNS servers are in sync and return the proper TXT record before proceeding with that request.

2 Likes

yeah i dont know how it worked, but can you help me with the following issue -

Please help, our domain is getting redirected to www.https//www.ezmethods.com, and hence, our site is not loading, we have checked our code but could not find any issues, we have also checked server settings and found no problem.

Depending on the ACME client. you should be able to check the logs for it OR see the renewal settings [which would show how it was obtained]

Where is redirection being done?
.htaccess file?
IIS?
Plesk Panel?
[multiple places?]

1 Like

It looks like you may have resolved the redirection issue:

curl -Ii http://ezmethods.com
HTTP/1.1 301 Moved Permanently
Content-Length: 149
Content-Type: text/html; charset=UTF-8
Location: https://www.ezmethods.com/
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Tue, 10 May 2022 01:35:01 GMT

curl -Ii http://www.ezmethods.com
HTTP/1.1 301 Moved Permanently
Content-Length: 149
Content-Type: text/html; charset=UTF-8
Location: https://www.ezmethods.com/
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Tue, 10 May 2022 01:35:07 GMT
2 Likes