I had one droplet and a domain.
165.232.184.246, pontres.com
I rebuilt the existing Droplet and added a new one.
Now I have two droplets and a domain.
167.71.238.180, 165.232.184.246, pontres.com
I added four ‘A’ DNS records:
pontres.com: 167.71.238.180,
www.pontres.com: 167.71.238.180,
in.pontres.com: 165.232.184.246,
www.in.pontres.com: 165.232.184.246
When I try to generate a letsencrypt certificate on Droplet-2, I get the following error:
pontresadmin@pontres-main:~$ sudo certbot --nginx -d pontres.com -d www.pontres.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for pontres.com and www.pontres.com
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: pontres.com
Type: connection
Detail: 165.232.184.246: Fetching http://pontres.com/.well-known/acme-challenge/hbIJEsYdTYO4-tK7vSJDKuRtK3CL-LBj60wrf4g3Pmc: Connection refused
Domain: www.pontres.com
Type: connection
Detail: 165.232.184.246: Fetching http://www.pontres.com/.well-known/acme-challenge/x9yW9YD7f9s90JomFoRtSWAKpXelf9CI1eeG6KZHqz0: Connection refused
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
When I perform a DNS lookup using pontres.com and in.pontres.com, both point to the Droplet-2 IP.
I want the traffic for pontres.com to be redirected to Droplet-2 and in.pontres.com to be redirected to Droplet-1.
What am I doing wrong?
Hi there,
It looks like the certificate issue could be due to Nginx not being configured correctly or not running on your Droplet-2. It is crucial to make sure that your Nginx server is correctly set up and running before attempting to generate SSL certificates using Certbot.
Before you proceed, double-check your DNS records. Here’s how they should be:
pontres.com: A record pointing to the IP of Droplet-2 (165.232.184.246)
www.pontres.com: A record pointing to the IP of Droplet-2 (165.232.184.246)
in.pontres.com: A record pointing to the IP of Droplet-1 (167.71.238.180)
www.in.pontres.com: A record pointing to the IP of Droplet-1 (167.71.238.180)
When you attempt to generate the certificate on Droplet-2, use the -d flag to specify the domain(s) you want the certificate for:
This is telling Certbot that you want a certificate for pontres.com and www.pontres.com. It will try to validate that you own these domains by making a request to them. This request must hit your server (Droplet-2) for validation to succeed.
If the requests can’t reach your server, you’ll see the “connection refused” error that you’re seeing now. Make sure Nginx is running and properly configured to respond to requests for pontres.com and www.pontres.com.
You can verify if Nginx is running with:
Also, check your Nginx server block configuration for pontres.com and www.pontres.com and make sure it’s correct. It should be something like:
This configuration should be in a file in /etc/nginx/sites-available/, and there should be a symbolic link to that file in /etc/nginx/sites-enabled/.
If your Nginx setup is correct and you’re still having issues, there might be a firewall blocking incoming connections. If you’re using UFW, you can check the status with sudo ufw status verbose and make sure it’s allowing incoming connections on ports 80 and 443.
Let me know how it goes!
Best,
Bobby
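
An added example, not part of the question or the answer above: a Python sketch that reads the certbot failure report quoted in the question and compares the IP the CA actually contacted with the intended A record for each domain, so a DNS mismatch can be told apart from a refused or filtered port 80. The `EXPECTED` mapping takes the A records listed in the question as the intended targets (an assumption), and `triage` and its verdict labels are hypothetical names.

```python
import re

# Intended A records as listed in the question (assumed to be the desired targets).
EXPECTED = {
    "pontres.com": "167.71.238.180",
    "www.pontres.com": "167.71.238.180",
}

# Failure report copied from the certbot output quoted in the question.
CERTBOT_OUTPUT = """\
Domain: pontres.com
Type: connection
Detail: 165.232.184.246: Fetching http://pontres.com/.well-known/acme-challenge/hbIJEsYdTYO4-tK7vSJDKuRtK3CL-LBj60wrf4g3Pmc: Connection refused
Domain: www.pontres.com
Type: connection
Detail: 165.232.184.246: Fetching http://www.pontres.com/.well-known/acme-challenge/x9yW9YD7f9s90JomFoRtSWAKpXelf9CI1eeG6KZHqz0: Connection refused
"""

# One Domain/Type/Detail block; only IPv4 details are handled here.
BLOCK = re.compile(
    r"Domain:\s*(?P<domain>\S+)\s*\n\s*Type:\s*(?P<type>\S+)\s*\n"
    r"\s*Detail:\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\s*(?P<msg>.*)"
)

def triage(output, expected):
    """Return (domain, ip_ca_contacted, ip_expected, verdict) per failed domain."""
    findings = []
    for m in BLOCK.finditer(output):
        domain, ca_ip, msg = m["domain"], m["ip"], m["msg"].lower()
        want = expected.get(domain)
        if want is None:
            verdict = "no-expected-record"
        elif ca_ip != want:
            # The CA resolved the name to a different host than intended.
            verdict = "dns-mismatch"
        elif "refused" in msg:
            # Right host, but the connection to port 80 was not accepted.
            verdict = "port-80-refused"
        elif "timeout" in msg:
            # Right host, packets dropped: typically a firewall rule.
            verdict = "port-80-filtered"
        else:
            verdict = "other"
        findings.append((domain, ca_ip, want, verdict))
    return findings

if __name__ == "__main__":
    for row in triage(CERTBOT_OUTPUT, EXPECTED):
        print(*row)
```

A `dns-mismatch` verdict means the validation request never reached the server certbot ran on, so the record (or its cached copy) needs attention before Nginx or the firewall does.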