Certbot / Apache issue

When trying to set up Certbot for SSL certification, I've noticed that instead of the domain name being listed as a FQDN like this:

Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: example.com
2: www.example.com
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel)

it instead lists the domain as XX-XX-XXX-XX.ip.linodeusercontent.com

This of course fails to certify the site because the A and AAAA / DNS records do not match.

I've changed the hostname and changed the /etc/hosts file to include the IPv4 and IPv6 addresses. I've noticed that the Apache config files at /etc/apache2/sites-available and /sites-enabled are still listing as the XX-XX-XXX-XX.ip.linodeusercontent.com.conf

Is there a way to change these files correctly, or an easier way to reset / redo Apache to pick up the new hostname and IPv6 address?

4 Replies

Show us one of your xxx.com.conf domain files from xx.xx.xx.xx/etc/apache2/sites-available/

Maybe that will help us figure it out.

  GNU nano 5.4                                                                                                       XX-XX-XXX-XX.ip.linodeusercontent.com.conf
<VirtualHost *:80>
     ServerAdmin admin@XX-XX-XXX-XX.ip.linodeusercontent.com
     DocumentRoot /var/www/html/
     ServerName XX-XX-XXX-XX.ip.linodeusercontent.com
     ServerAlias www.XX-XX-XXX-XX.ip.linodeusercontent.com
     <Directory /var/www/html/>
        Options +FollowSymlinks
        AllowOverride All
        Require all granted
     </Directory>
     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.XX-XX-XXX-XX.ip.linodeusercontent.com [OR]
RewriteCond %{SERVER_NAME} =XX-XX-XXX-XX.ip.linodeusercontent.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

Also in /sites-available/ are two files,
XX-XX-XXX-XX.ip.linodeusercontent.com-le-ssl.conf
and
XX-XX-XXX-XX.ip.linodeusercontent.com.conf

Do I just rename the file names and change the contents to the IPv6 address to enable HTTPS?

Why do you have the IP address in the conf file?

Ours look like this… no IP:

<VirtualHost *:80>
# Admin email, Server Name (domain name), and any aliases
ServerAdmin webmaster@newmediacreate.com
ServerName newmediacreate.com
ServerAlias www.newmediacreate.com

# Index file and Document Root (where the public files are located)
DirectoryIndex index.html index.php
DocumentRoot /var/www/html/newmediacreate.com/public_html

# Log file locations
LogLevel warn
ErrorLog /var/www/html/newmediacreate.com/logs/error.log
CustomLog /var/www/html/newmediacreate.com/logs/access.log combined

RewriteEngine on
RewriteCond %{SERVER_NAME} =www.newmediacreate.com [OR]
RewriteCond %{SERVER_NAME} =newmediacreate.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
</VirtualHost>

> it instead lists the domain as XX-XX-XXX-XX.ip.linodeusercontent.com
>
> This of course fails to certify the site because the A and AAAA / DNS records do not match.

Fix your A/AAAA DNS records to associate your domain name(s) with your IP addresses (both IPv4 & IPv6). Wait for the changes to propagate. When ping and ping6 return the right IP address for the domain name (assuming your firewall does not block ICMP echo requests):

stevewi:~ $ ping mydomain.com
PING mydomain.com (xxx.xxx.xxx.xxx): 56 data bytes
64 bytes from xxx.xxx.xxx.xxx: icmp_seq=0 ttl=48 time=42.279 ms
64 bytes from xxx.xxx.xxx.xxx: icmp_seq=1 ttl=48 time=40.928 ms
64 bytes from xxx.xxx.xxx.xxx: icmp_seq=2 ttl=48 time=39.866 ms

and

stevewi:~ $ ping6 mydomain.com
PING6(56=40+8+8 bytes) yyyy:yyyy:yyyy:yyyy:yyyy:yyyy:yyyy:yyyy --> xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
16 bytes from xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx, icmp_seq=0 hlim=48 time=34.799 ms
16 bytes from xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx, icmp_seq=1 hlim=48 time=40.773 ms
16 bytes from xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx, icmp_seq=1 hlim=48 time=40.775 ms

Redo your certbot and apache2 configurations to use domain names only…no IP addresses…and try again.

This is why God invented DNS…

-- sw
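
A pre-flight check for the steps in the answer above, as an added example that is not part of the original thread: it reads the ServerName/ServerAlias values from a vhost file (the names Certbot's Apache plugin offers) and confirms that each one's A/AAAA records point at this server. It assumes `dig` is installed and queries DNS directly, so an entry in /etc/hosts cannot mask a missing record; the script name and the addresses you pass are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread.
# Usage: sh check-names.sh VHOST.conf SERVER_IP [SERVER_IP...]

# Print every ServerName/ServerAlias value from an Apache vhost config on stdin,
# one per line, lowercased. Comment lines are skipped.
vhost_names() {
    awk '$1 ~ /^#/ { next }
         tolower($1) == "servername" || tolower($1) == "serveralias" {
             for (i = 2; i <= NF; i++) print tolower($i)
         }'
}

# Succeed only if $1 (addresses DNS returned) is non-empty and each one appears
# in $2 (this server's addresses). Compared as text, so write IPv6 compressed.
addrs_match() {
    [ -n "$1" ] || return 1
    for a in $1; do
        case " $2 " in
            *" $a "*) ;;
            *) return 1 ;;
        esac
    done
}

# Query DNS with dig (not /etc/hosts) for the A and AAAA records of $1.
# CNAME targets in the output end with a dot and are dropped.
resolve() {
    { dig +short A "$1"; dig +short AAAA "$1"; } | grep -v '\.$' | sort -u | tr '\n' ' '
}

# $1 = vhost file, remaining args = server addresses. Non-zero if any name fails.
check_vhost() {
    conf=$1; shift; rc=0
    for name in $(vhost_names < "$conf"); do
        found=$(resolve "$name")
        if addrs_match "$found" "$*"; then
            echo "OK    $name -> $found"
        else
            echo "FAIL  $name -> ${found:-no A/AAAA records}"; rc=1
        fi
    done
    return "$rc"
}

if [ "$#" -ge 2 ]; then check_vhost "$@"; fi
```

A FAIL line for a name means the certificate request for that name will not validate until its DNS records are corrected or the name is removed from the vhost.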
