Question

SSL Certificate Invalid

I’m hoping someone out there can shed some light on an issue I’m facing. I created a droplet via the marketplace (WordPress 1-click install). The steps I’m taking are as follows:

  • Domain is hosted in Google Domains, so I’m using DigitalOcean custom name servers there.
  • Created a droplet using the WordPress-1-Click from the Marketplace
  • Created 2 A records in the DigitalOcean control panel that point to the new droplet’s IP address
  • SSH’d into the server and answered the script prompts. During the Let’s Encrypt section of the script I get some red text that the challenge has failed and some detail below it. (The IP address in brackets below is not what I have listed in my A records in DigitalOcean. The error was altered for privacy)
Domain: mysitename.dev
   Type:   unauthorized
   Detail: Invalid response from
   https://mysitename.dev/.well-known/acme-challenge/r8PzLOEgnfbHr0eBfIPO09ctTPSFadfD-hKdU4qAQ3E
   [198.111.74.66]: 404

  • The script completes and instructs me to go to my website in the browser to complete the set up, but I’m blocked by the browser because the certificate is invalid.

Can anyone tell me what is going on here? I’ve attempted destroying/recreating the droplet about 5 times.


Hello,

What I could suggest is checking your DNS records and making sure that they are the correct ones that you’ve specified in your DigitalOcean DNS zone:

https://www.whatsmydns.net/

If the records do not match the ones that you have in your DigitalOcean DNS, this most likely means that your name servers are not set to the DigitalOcean ones. What I could suggest is just double-checking the following:

  • Make sure that your nameservers are set to the DigitalOcean ones by following the steps here:

https://support.google.com/domains/answer/3290309?hl=en

  • Then, if the nameservers are correct, I could suggest going to your DigitalOcean DNS zone and making sure that you do not have multiple A records for your root/@ domain.

Once you make the DNS change, give it another try.

Basically, in order for Let’s Encrypt to verify your domain name, the A record of your domain needs to match the server IP address.

Regards,

Bobby
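
The checks suggested in the answer above, as an added shell example (not part of the original thread and not DigitalOcean's setup script). It assumes `dig` is installed; the function names and the `ns<N>.digitalocean.com` nameserver pattern are assumptions of this example.

```shell
#!/bin/sh
# Pre-flight DNS check to run before the Let's Encrypt step of the setup script.
# The classify_* functions only parse `dig +short` output passed in as text,
# so they can be exercised without network access.

# classify_a EXPECTED_IP "A_RECORDS" -> ok | missing | mismatch | multiple
classify_a() {
    expected=$1
    # Keep only IPv4 lines (drops CNAME targets printed for names such as www).
    records=$(printf '%s\n' "$2" | grep -E '^[0-9]+(\.[0-9]+){3}$' | sort -u) || true
    [ -n "$records" ] || { echo missing; return 0; }
    count=$(printf '%s\n' "$records" | wc -l | tr -d ' ')
    # More than one distinct A record: the validation request may reach any of
    # them, so this is reported even when one record is the droplet IP.
    if [ "$count" -gt 1 ]; then echo multiple; return 0; fi
    if [ "$records" = "$expected" ]; then echo ok; else echo mismatch; fi
}

# classify_ns "NS_RECORDS" -> ok | missing | not_delegated
classify_ns() {
    ns=$(printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' \
        | sed 's/\.$//' | grep -v '^$') || true
    [ -n "$ns" ] || { echo missing; return 0; }
    # Any nameserver outside the assumed DigitalOcean pattern means the
    # registrar still delegates the zone elsewhere, so the A records created
    # in the DigitalOcean control panel are not the ones being served.
    other=$(printf '%s\n' "$ns" | grep -Ev '^ns[0-9]+\.digitalocean\.com$') || true
    if [ -n "$other" ]; then echo not_delegated; else echo ok; fi
}

# Live usage: sh preflight.sh <domain> <droplet-ip>
if [ "$#" -eq 2 ]; then
    domain=$1
    ip=$2
    echo "NS $domain: $(classify_ns "$(dig +short NS "$domain")")"
    for name in "$domain" "www.$domain"; do
        echo "A  $name: $(classify_a "$ip" "$(dig +short A "$name")")"
    done
fi
```

Anything other than `ok` on every line means the HTTP-01 challenge request is likely to land on a different server than the droplet, which is the situation the 404 in the question describes.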