Question

Why is my server configuration inconsistent?

Posted July 28, 2019 1k views
DNS

I got a domain in GoDaddy and I am using DigitalOcean (DO) to deploy my webapp. I created a ssl certificate using letsencrypt and aparently everything is fine. When I run the ssl-test from www.ssllabs.com it appears to be a problem with the server configuration (Warning: Inconsistent server configuration)

Why is my godaddy ip address not certified as my DO ip?

thx

Add a comment
ncorti
By:
ncorti
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

4 answers
alexdo July 28, 2019

Hello!

Do you see two domains listed in the result in ssllabs.com? Can you confirm if both www and the non www DNS records are pointed to the same IP address?

Looking forward to your reply.

Alex

Reply Report
ncorti July 28, 2019

Hi,
Yes, I have two domains listed in the result in ssllabs.com. One is the IP address of DigitalOcean with A+ Grade, and the other address is the one in Godaddy with no grade. An additional message says “Certificate not valid for domain name”..

I am not sure about the pointing. What I have done is in godaddy create a new A record to root and the DO ip address…

I have also tried changing the nameservers but same result.

I suppose, I am doing the IP pointing wrong. Is the only thing I can think of.

Cheers

Reply Report
alexdo July 28, 2019

Thanks for replying back.

The DNS should be pointed correctly, usually you just need to point the A record of the domain name to the DigitalOcean IP address.

Two things to check:

  1. Make sure the SSL was issued for both www and non www version of your domain name.
  2. If you’re using nginx, make sure to check the config file and see if the domain is configured properly, because it should include both domains:
server_name yourdomain.com www.yourdomain.com;

Alex

Reply Report
  • ncorti July 28, 2019

    Thanks for the fast response.

    Well, actually the certificate was issued in both cases only for mydomain.com

    So, I am planning to do is adding www.mydomain.com to the configuration files, and generate a new certificate, but

    What would happend to the old certificate? Do I have to delete it manually?

    Cheers

    Reply Report
alexdo July 28, 2019

Yes, you can also delete the certificate in the acme-tiny directory and then issue another SSL certificate.

Let me know how it goes.

Alex

Reply Report
  • ncorti July 29, 2019

    Hi there,

    well, I have executed all your recommendations and I still have the same result.Both root and www are pointed but the result is ssllabs is still the same
    :-|

    Reply Report
    • alexdo July 30, 2019

      If everything is working fine for you and you’re unable to track any issues with your site you can use some alternative sites to check the SSL: DigiCert and SSL Checker

      I’ve seen a lot of people complaining about the same error. There should be something which SSLlabs don’t like here, but this does not necessary mean that something is broken or not working.

      Alex

      Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help