BNCert-Tool is stating that the domain is associated with another IP

Keywords: WordPress - AWS - Technical issue - Secure Connections (SSL/HTTPS)

bnsupport ID: 3a8b64e6-5cb6-8da5-6244-5ef2713c8c50

bndiagnostic output:

? Apache: Found possible issues
? Connectivity: Found possible issues
? Php: Found possible issues
https://docs.bitnami.com/general/apps/wordpress/administration/use-pagespeed/#disable-pagespeed
https://docs.bitnami.com/general/apps/wordpress/troubleshooting/debug-errors-apache/
https://docs.bitnami.com/bch/apps/moodle/troubleshooting/deny-connections-bots-apache/
https://docs.bitnami.com/general/faq/administration/use-firewall/
https://docs.bitnami.com/general/apps/wordpress/configuration/configure-phpfpm-processes/

bndiagnostic failure reason: The tool could not find any issue

Description:
I’ve run the bncert-tool however it is telling me that the IP is associated with another IP. While that was true, the TTL was set to 1000 seconds and tools like DNS checker show it as propagated. Can you check things on your end?

Warning: The domain ‘sig4cai.com’ resolves to a different IP address than the
one detected for this machine, which is ‘18.233.21.133’. Please fix its DNS
entries or remove it.

I’m in the process of backing out of the DNS changes but would still like to better understand timing from Bitnami if possible. What DNS servers are used to confirm propagation, and how long is a record held before being released?

Hi @billgaffney,

Thanks for using Bitnami. DNS updates usually take up to 72 hours to fully propagate the changes all over the world.

The bncert tool internally uses the getent hosts YOUR_DOMAIN command to verify the associated IP address using the server DNS configuration, which is the default configuration from de base Debian machine. Can you run it in your server via SSH to check the current value it returns? If the current value is ok, then the bncert tool may be able to pass its internal check.

Thank you so much for the quick reply. This is remarkably helpful info for the next migration I’ll do.

The odd thing is that it was resolving correctly via nslookup (or dig) from the bitnami server where I was requesting the cert which is why I was perplexed and assume that the primary lookup was performed elsewhere (like a centralize Bitnami server a la Let’s Encrypt).

Regardless, things are now resolved after re-init’ing the process again. Thank you.

Glad to see you were able to solve your issue! We are marking the previous answer as “Solution” and this topic as “Closed”.

If you have any other questions, please do not hesitate to let us know. Feel free to create a new topic referencing this one if necessary.

Best regards,
Jose Antonio Carmona


Was my answer helpful? Click on :heart: