Can't get rid of DA install hostname

dorucrisan

Verified User
Joined
Oct 23, 2021
Messages
203
Location
Bucharest / Romania
I have a problem with a server, can't get certificate for the host. I changed host name and name servers in DA, still getting these errors. It referrs to the original host name given by DA during install, but that was changed, I don't understand from where it still get it.

1758857831538.png

1758857910563.png


1758859919953.png

All is very weird as on another machine, with exactly same settings, practically a clone of this one, all works OK. Of course, never connected both at the same time. It's just a backup server, for quick replacement in case of crash, another physical machine with exactly same settings. One works, the other does not. I have backups of other servers, none has this problem, all works, can be simply replaced when needed.
 
Last edited:
Just make sure hostsecurity.ro first resolves in DNS, after that. get a new ssl cert.
 
SOLVED, thanks. The problem was a list of IP's for bad AWS bots I have in csf.deny. Removing them solved the problem. Now that is solved, I will add again that blacklist. Helps reducing parasite traffic/CPU/MySQL load.
 
SOLVED, thanks. The problem was a list of IP's for bad AWS bots I have in csf.deny. Removing them solved the problem. Now that is solved, I will add again that blacklist. Helps reducing parasite traffic/CPU/MySQL load.
Was/were the offending IP(s) in the blacklist stopping letsencrypt or the DNS resolution? I'd find it a little concerning if a blocked IP was being used as part of the resolution for any of the domains. Maybe it's worth a little investigation for your own peace of mind? Could be something as simple as an IP now recycled, and has a better reputation so can be delisted.
 
Was/were the offending IP(s) in the blacklist stopping letsencrypt or the DNS resolution? I'd find it a little concerning if a blocked IP was being used as part of the resolution for any of the domains. Maybe it's worth a little investigation for your own peace of mind? Could be something as simple as an IP now recycled, and has a better reputation so can be delisted.
The error message said something about DNS, like no finding domain or something. However, the DNS' registered on server are those provided by local ISP and are not the same as those blacklisted. which are all AWS IP's.
 
Back
Top