Subdomain renew error

bvo · June 28, 2019, 8:54am

Hi,
I have a synology NAS, with a apache (2.4) and PHP (7.2) webserver with wordpress (5.2.2) running.
My domain is basenmandy.nl
I have a subdomain static.basenmandy.nl via a virtual host.

Everything worked fine, also serving static content from the subdomain. Now I have to renew my certificate and this gave me a connection error.

I tried to install new certificate for basenmandy.nl, www.basenmandy.nl and static.basenmandy.nl. This works fine for the domain and www subdomain, but doen’t work for the static subdomain.

In trying I deleted the (working but almost outdated) cerfiticate ( :() and cant get a new certificate for the static subdomain, so my website is a mess right now.

Any suggestions?

Kind regards,
Bas

JuergenAuer · June 28, 2019, 9:21am

Hi @bvo

the subdomain has ipv4- and ipv6 - addresses ( https://check-your-website.server-daten.de/?q=static.basenmandy.nl ):

Host	T	IP-Address	is auth.	∑ Queries	∑ Timeout
static.basenmandy.nl	A	62.251.84.234
Hilversum/North Holland/NL	yes	1	0
	AAAA	2001:981:4465:1:cd9:803c:2a8a:5833
Amsterdam/Noord-Holland/NL	yes
www.static.basenmandy.nl		Name Error	yes	1	0

But your ipv4 works, your ipv6 has a timeout:

Domainname	Http-Status	redirect	Sec.	G
• http://static.basenmandy.nl/
62.251.84.234	301	https://static.basenmandy.nl/	0.040	A

• http://static.basenmandy.nl/
2001:981:4465:1:cd9:803c:2a8a:5833	-14		10.027	T
Timeout - The operation has timed out

• https://static.basenmandy.nl/
62.251.84.234	200		0.550	N
Certificate error: RemoteCertificateNameMismatch

• https://static.basenmandy.nl/
2001:981:4465:1:cd9:803c:2a8a:5833	-14		10.027	T
Timeout - The operation has timed out

• http://static.basenmandy.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
62.251.84.234	301	https://static.basenmandy.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	0.037	A
Visible Content: 301 Moved Permanently nginx

• http://static.basenmandy.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2001:981:4465:1:cd9:803c:2a8a:5833	-14		10.027	T
Timeout - The operation has timed out
Visible Content:

• https://static.basenmandy.nl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	-14		10.026	T
Timeout - The operation has timed out
Visible Content:

That's critical because Letsencrypt prefers ipv6.

So you have two options:

remove the ipv6 AAAA entry, create a certificate, then fix your ipv6 configuration (or)
fix your ipv6 directly

Do you have a

Listen [::]:80
Listen [::]:443

directive?

bvo · June 28, 2019, 10:42am

Thanks JuergenAuer!!

What option is preffered? To fix ip6 directly?
And, how do I do that. where to start? In domain hosting (strato), in router, in synology/dsm (virtual host)…?
And where can I look for the listen directive; in synology/webstation/apache?

bvo · July 7, 2019, 5:30am

Problem solved. There was a wrong AAAA record at the domain host; I changed it and everything works like a charm. No idea why this wasn’t a problem before…

system · August 6, 2019, 5:30am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.