Your DNS look up


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: muse.redlight.london

I ran this command:
certbot certonly --webroot -w /Library/Server/Web/Data/Sites/Default/ -d muse.redlight.london --rsa-key-size 4096 -m william@red-light.co.uk

It produced this output:

The following errors were reported by the server:

Domain: muse.redlight.london
Type: connection
Detail: Fetching
https://124.84.251.10.in-addr.arpa/.well-known/acme-challenge/5tNuYGnHIrL3JUjemYMCL9P9KgcRDWPeIxXIfEo9Ykk:
Error getting validation data

My web server is (include version):
Apache

The operating system my web server runs on is (include version):
OS X Server 10.12
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

My Public IP is
muse.redlight.london. 10814 IN A 88.211.111.94


#2

http://muse.redlight.london/ sends an HTTP redirect to https://muse.redlight.london/.

http://muse.redlight.london/.well-known/acme-challenge/ sends an HTTP redirect to https://124.84.251.10.in-addr.arpa/.well-known/acme-challenge/.

The redirects have different Server headers and different HTML, too.

Something’s off with the configuration in one of your web servers.

Presumably it’s a web server running on 10.251.84.124, and it might be redirecting to the SERVER_NAME variable.

Let’s Encrypt is okay with a redirect to HTTPS, but that hostname won’t work.


#3

Even though your server has a wrong redirect, the IP https://124.84.251.10 is a Japanese domain; you were correct in that there was a redirect, so sorting.
Thanks

William Bowden | JMRIT Consultants

Consultant Engineer | m:07525 645105 | e:william@jmrit.co.uk


#4

in-addr.arpa names are in the opposite byte order as IPv4 addresses are usually represented, so 124.84.251.10.in-addr.arpa is for 10.251.84.124, which is a private address.
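
The byte-order reversal described above, applied to the redirect target from this thread, as an added example that is not part of the original posts. The function names `ptr_name_to_ip` and `check_redirect_target` are hypothetical helpers written for this illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Hypothetical helper names; only the Python standard library is used.

def ptr_name_to_ip(hostname):
    """Return the IPv4 address encoded in an in-addr.arpa name, or None."""
    suffix = ".in-addr.arpa"
    name = hostname.rstrip(".").lower()
    if not name.endswith(suffix):
        return None
    labels = name[: -len(suffix)].split(".")
    if len(labels) != 4 or not all(label.isdigit() for label in labels):
        return None
    try:
        # Labels are stored least-significant octet first, so reverse them.
        return ipaddress.IPv4Address(".".join(reversed(labels)))
    except ipaddress.AddressValueError:
        return None

def check_redirect_target(requested_host, location):
    """List reasons a redirect on the challenge path cannot be validated."""
    host = (urlsplit(location).hostname or "").rstrip(".").lower()
    findings = []
    if host != requested_host.lower():
        findings.append(f"redirect changes host to {host}")
    ip = ptr_name_to_ip(host)
    if ip is not None:
        findings.append(f"{host} is the reverse-DNS name for {ip}")
    else:
        try:
            ip = ipaddress.ip_address(host)  # redirect to a literal IP
        except ValueError:
            ip = None  # ordinary hostname, nothing more to decode
    if ip is not None and not ip.is_global:
        findings.append(f"{ip} is not publicly routable")
    return findings

if __name__ == "__main__":
    # Redirect target reported in the error output in this thread.
    url = "https://124.84.251.10.in-addr.arpa/.well-known/acme-challenge/"
    for finding in check_redirect_target("muse.redlight.london", url):
        print(finding)
```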


#5

Still not my WAN IP set in DNS how odd

<<>> DiG 9.10.6 <<>> @8.8.8.8 muse.redlight.london
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51149
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;muse.redlight.london. IN A

;; ANSWER SECTION:
muse.redlight.london. 14399 IN A 88.211.111.90

;; Query time: 66 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Oct 25 16:46:27 BST 2018
;; MSG SIZE rcvd: 65



#6

It is, but the web server running on that IP sends a redirect to the other URL.