I get “SSL renewal failed” mails, but cannot find more info why this fails. Where can I look?
I added some redirects, maybe there is a problem.
www.domain.com points to CDN
CDN to www2.domain.com on Hetzner-Server managed by cleavr. domain.com points to Hetzner-Server, where I made a dummy site with ssl and redirect the traffic to www.domain.com (Saw to late, that there are settings to add domain to ssl certificate and aliasnames. Mybe I change to that settings.)
Thanks @amiedema. That helped. I deleted my workaround site and added the alias Domain domain.com to www2.domain.com site and domain.com as alternate domain to ssl certificate. Renewing of the cert faild, but the error message i saw then gave the hint, that I had a typo in the AAAA DNS record. It seems that I added the ipv6 entry after requesting the first ssl-cert.
Hi @romanw we setup redirects based on how the domain was entered for the site during creation. If non-www, then Cleavr will add redirects from www to non-www. If domain was setup with www, then Cleavr adds redirects from non-www to www. If it’s feasible, you might consider removing the site and then re-adding with www.
Site: www.www2.domain.com redirect to www2.woka.com = correct
Alias: www.domain.com redirect to domain.com = should be disabled
alias domain.com should redirect to www.domain.com on the CDN picking the cleavr site www2.domain.com
Sorry - I wasn’t clear on the alias being redirected. We don’t add any www/non-www redirects for alias domains, so those would need to be added in a similar way as what you see for the main domain. Such as, create a separate header file for the alias redirect:
return 301 $scheme://www.example.com$request_uri;
Should still work if you remove the www after loading, at least it does for my test site. It could be that there is something else going on in app, nginx config, etc for the trailing slash.
Also, keep in mind any sub-domain passing through the server should also be added to the SSL as an alt domain; otherwise, users may get a browser error.
I’m not sure if this completely answers your questions.