Is letsencrypt breaking my script ??

April 19, 2018 403 views
Let's Encrypt Ubuntu 16.04

So, I have a problem …

I have a tracking script installed on a digital ocean server … it’s called CPVlab. It enables me to track clicks and gives me statistics on the click. What it does is catch info on a user and their behavior and it can rotate landing pages for split testing those landing pages. This is all done through internal redirects on the domain the script is installed on.

Let’s say it’s installed on : tracker.com

Another feature of the script is : I can enter an A record in the DNS I use and call it someothername.com and point it to the IP address of the **tracker.com**.

This way, one can use different domains (tracking domains) in order to not have the main installation domain visible. This helps with customizing the look of different marketing campaigns (you don’t want them all to look like : tracker.com/?querystuff)…

So here’s the problem : It all used to work fine without https:// … But after installing LETSENCRYPT (through an EASYENGINE command for both tracker.com as well as tracking domains) the explained feature doesn’t work anymore.

When using http://someothername.com as an A record pointing to tracker.com, the server shows me a 404 not found status. And when I use a https://someothername.com as an A record pointing to the script, it tells me the connection is not secure. This while both domains have https certificates and they work if I put them in the browser direct. (it will show https).

However when I don’t use this tracking domain feature and just use the plain https://tracker.com domain, it works perfectly.

Maybe this question is a bit far out, but does anyone have an idea if this is related to letsencrypt ? I added the certificates through EE a few months ago, and I know EE uses certbot. However I am thinking that this problem may have something to do with letsencrypt not supporting wildcards at the time of install. Maybe this tracking script is designed in some way that the main domain uses the tracking domains as some sort of sub domain ?

Anyone have an idea about this ? I am definitely STUCK here…

Thanks, Lex

2 Answers

To help you with this it would be helpful to see your Nginx configuration for these domains. If you can share the contents of the files in your /etc/nginx/sites-enabled folder it will allow us to review the redirects and note any differences between your http and https configurations.

  • Of course … There are basically two domains that are playing a role here … the maindomain (where the script is installed) and the domain that is used in order to mask the main domain (tracking domain). The main domain is secured with LE and the tracking domain I’ve tried both secured with LE and unsecured…

    Maindomain : etc/nginx/sites-enabled/maindomain.com (where the script is installed)

    server {
    
        server_name maindomain.com   www.maindomain.com;
    
    
        access_log /var/log/nginx/maindomain.com.access.log rt_cache;
        error_log /var/log/nginx/maindomain.com.error.log;
    
        root /var/www/maindomain.com/htdocs;
    
        index index.php index.html index.htm;
    
        include common/php.conf;
    
        include common/locations.conf;
        include /var/www/maindomain.com/conf/nginx/*.conf;
    }
    

    included file ( /var/www/maindomain.com/conf/nginx/*.conf;) (this is an ssl.conf file)

    ssl on;
    ssl_certificate     /etc/letsencrypt/live/maindomain.com/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/maindomain.com/privkey.pem;

    Force ssl (etc/nginx/conf.d/force-ssl-maindomain.com.conf)

    server {
            listen 80;
            server_name www.maindomain.com maindomain.com;
            return 301 https://maindomain.com$request_uri;
    }

    So, this works if I keep it all on the maindomain.com … but once I add a tracking domain into the mix, I get the error messages. Personally, I don’t see anything weird with the setup, but it might just be the way the script deals with it ?

Hi Ryan ..

Of course .. There are basically two domains that are playing a role here ... the maindomain (where the script is installed) and the domain that is used in order to mask the main domain (tracking domain). The main domain is secured with LE and the tracking domain I've tried both secured with LE and unsecured..

Maindomain : etc/nginx/sites-enabled/maindomain.com (where the script is installed)


    server {

        server_name maindomain.com   www.maindomain.com;

        access_log /var/log/nginx/maindomain.com.access.log rt_cache;
        error_log /var/log/nginx/maindomain.com.error.log;

        root /var/www/maindomain.com/htdocs;

        index index.php index.html index.htm;

        include common/php.conf;

        include common/locations.conf;
        include /var/www/maindomain.com/conf/nginx/*.conf;
    }

included file ( /var/www/maindomain.com/conf/nginx/*.conf;) (this is an ssl.conf file)

    ssl on;
    ssl_certificate     /etc/letsencrypt/live/maindomain.com/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/maindomain.com/privkey.pem;

Force ssl (etc/nginx/conf.d/force-ssl-maindomain.com.conf)

    server {
            listen 80;
            server_name www.maindomain.com maindomain.com;
            return 301 https://maindomain.com$request_uri;
    }

So, this works if I keep it all on the maindomain.com ... but once I add a tracking domain into the mix, I get the error messages. Personally, I don't see anything weird with the setup, but it might just be the way the script deals with it ?

I have had the script installed once before with a comodo ssl and it worked fine ... but it was a pain to manually set up ssl every time, so I switched to LE ssl.
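
A check for the "connection is not secure" symptom and the wildcard question raised in this thread, added here as an example and not posted by any participant: it lists which names in a served certificate cover a given hostname, applying the rule that `*` stands for exactly one left-most label. The sample certificates are constructed, the function names are hypothetical, and the hostnames are the placeholders used in the question.

```python
import socket
import ssl


def name_matches(pattern: str, host: str) -> bool:
    """Match one certificate dNSName against a hostname (RFC 6125 style)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False                      # a wildcard never spans several labels
    if p[0] == "*":
        # "*" replaces only the left-most label, and never a whole public suffix
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def covered_by(cert: dict, host: str) -> list:
    """Return the SAN entries of cert (ssl getpeercert() format) that cover host."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return [s for s in sans if name_matches(s, host)]


def fetch_cert(ip: str, sni: str, port: int = 443) -> dict:
    """Live check: fetch the certificate the server at ip presents for SNI name sni."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False            # names are compared by covered_by() instead
    with socket.create_connection((ip, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni) as tls:
            return tls.getpeercert()


# Constructed samples in getpeercert() format, not taken from a real server.
MAIN_CERT = {"subjectAltName": (("DNS", "tracker.com"), ("DNS", "www.tracker.com"))}
WILDCARD_CERT = {"subjectAltName": (("DNS", "*.tracker.com"),)}

if __name__ == "__main__":
    for host in ("tracker.com", "click.tracker.com", "someothername.com"):
        print(host, covered_by(MAIN_CERT, host), covered_by(WILDCARD_CERT, host))
```

Against a live server, `covered_by(fetch_cert(server_ip, "someothername.com"), "someothername.com")` shows whether the certificate returned for the tracking domain actually lists it; an empty result means the certificate was issued for other names.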
