How do I redirect all trafic from a domain extension to another one (HTTPS included)?


I have two domain extensions, and My main domain extension is the .com so my goal is to redirect all traffic coming from the .io extension to the .com (including HTTPS traffic).

I have set up redirects in my wordpress_sites.yml to include the second domain :

      - canonical:
      enabled: true
      provider: letsencrypt

In my domain name manager, I created a DNS A record on each domain (.com and .io) to point to my DigitalOcean droplet IP and also set up the DNS to DigitalOcean’s DNS.

But when I’m trying to re-provision my server I get this error from letsencrypt :

ansible-playbook server.yml -e env=production --tags letsencrypt

Could not access the challenge file for the hosts/domains: Let’s
Encrypt requires every domain/host be publicly accessible. Make sure that a
valid DNS record exists for and that they point to this server’s
IP. If you don’t want these domains in your SSL certificate, then remove them
from site_hosts. See SSL | Trellis Docs | Roots for more details.

failed: [] ( => {“changed”: false, “item”: “”}

This comes for sure from a misconfiguration on my domain names’ manager and I am clearly missing a point here but I have no idea what.
When I’m pinging I get : ping: cannot resolve Unknown host so it seems the DNS A record is not working. I have made the changes on the DNS 2 days ago so it should be updated by now but still not working.

Is my trellis configuration file properly set ? And how should I configure my DNS records on my second domain extension to make it work ?

Thanks in advance.

This error indicates that your A record for cannot be resolved to the issuing server. So you’re right in thinking this is a DNS issue.

You mention that you pointed your DNS to to Digital Ocean’s DNS. If this change was made after adding your A record then you will need to add the A records in Digital Ocean’s Domain manager as that’s where your new records will be held, not with your original registrar.

Instead of pinging your domain I would check with a tool like this:

From there you can verify that there is a valid A record pointing to the correct IP. You can also use the tool to check for duplicate entries or incorrect configuration such as using a CNAME record in addition to an A record, and verify the name servers you are using.

NB If you have IPV6 entries on your DNS configuration these will take precedence over IPV4. Sometimes registrars can add these by default. IPV6 addresses are indicated with AAAA as opposed to the IPV4 version of A

Finally to check propagation globally you can use this tool:

1 Like

This. I put back the DNS from the original registrar and it works.

I can’t explain why it didn’t work before though. I did setup the A record on Digital Ocean’s domain manager and the DNS seemed to be correctly set. Maybe it takes more time to update.

Anyway thank you for pointing me in the right direction !