Why is my server configuration inconsistent?

July 28, 2019 391 views
DNS
ncorti
By:
ncorti

I got a domain in GoDaddy and I am using DigitalOcean (DO) to deploy my webapp. I created a ssl certificate using letsencrypt and aparently everything is fine. When I run the ssl-test from www.ssllabs.com it appears to be a problem with the server configuration (Warning: Inconsistent server configuration)

Why is my godaddy ip address not certified as my DO ip?

thx

Log In to Comment
4 Answers
ageorgiev July 28, 2019

Hello!

Do you see two domains listed in the result in ssllabs.com? Can you confirm if both www and the non www DNS records are pointed to the same IP address?

Looking forward to your reply.

Alex

Reply
ncorti July 28, 2019

Hi,
Yes, I have two domains listed in the result in ssllabs.com. One is the IP address of DigitalOcean with A+ Grade, and the other address is the one in Godaddy with no grade. An additional message says “Certificate not valid for domain name”..

I am not sure about the pointing. What I have done is in godaddy create a new A record to root and the DO ip address…

I have also tried changing the nameservers but same result.

I suppose, I am doing the IP pointing wrong. Is the only thing I can think of.

Cheers

Reply
ageorgiev July 28, 2019

Thanks for replying back.

The DNS should be pointed correctly, usually you just need to point the A record of the domain name to the DigitalOcean IP address.

Two things to check:

  1. Make sure the SSL was issued for both www and non www version of your domain name.
  2. If you’re using nginx, make sure to check the config file and see if the domain is configured properly, because it should include both domains:
server_name yourdomain.com www.yourdomain.com;

Alex

Reply
  • ncorti July 28, 2019

    Thanks for the fast response.

    Well, actually the certificate was issued in both cases only for mydomain.com

    So, I am planning to do is adding www.mydomain.com to the configuration files, and generate a new certificate, but

    What would happend to the old certificate? Do I have to delete it manually?

    Cheers

    • ageorgiev July 28, 2019

      You can delete the old certificate and issue a new one with both www and non www. Also as you mentioned add www.yourdomain.com to the configuration files in order to make sure everything is configured properly.

      Let me know if I can assist you with anything else.

      Alex

      • ncorti July 28, 2019

        How to delete the old certificate??? sorry I am new in the business, any hint would be really appreciated

        • ageorgiev July 28, 2019

          You can try doing this using certbot:

          certbot delete --cert-name yourdomain

          Alex

          • ncorti July 28, 2019

            well, actually I am using acme-tiny…

            is it enough just to delete the certificate in the acme-tiny directory??

ageorgiev July 28, 2019

Yes, you can also delete the certificate in the acme-tiny directory and then issue another SSL certificate.

Let me know how it goes.

Alex

Reply
  • ncorti July 29, 2019

    Hi there,

    well, I have executed all your recommendations and I still have the same result.Both root and www are pointed but the result is ssllabs is still the same
    :-|

    • ageorgiev July 30, 2019

      If everything is working fine for you and you’re unable to track any issues with your site you can use some alternative sites to check the SSL: DigiCert and SSL Checker

      I’ve seen a lot of people complaining about the same error. There should be something which SSLlabs don’t like here, but this does not necessary mean that something is broken or not working.

      Alex

Have another answer? Share your knowledge.

Related Questions