Can't add LetsEncrypt certificate on Load balancer for new subdomain

October 26, 2018
Let's Encrypt Load Balancing Ubuntu 16.04

Hi. I'm having a really hard time trying to figure this out; so far nothing has worked.

I currently have a DO load balancer in front of two small droplets. I have a subdomain (beta.example.com) pointed to the LB, which performs SSL termination. The SSL cert for the LB is generated by DigitalOcean automatically from Let's Encrypt (using the simple two-click setup). This has been working fine since I set it up 2-3 months ago.

Today, I created a new subdomain (new.example.com) with an A record pointed to the same load balancer (in the meantime, I changed nginx configuration in my droplets so they would take the traffic to the new subdomain).
(The parent domain, example.com, was purchased from Namecheap, and points to DO nameservers as it always has.)

When I tried to create (using the same super simple two click setup) a new SSL cert for the load balancer that would work with the new subdomain (as the previous had been only created for beta.example.com and www.example.com), I couldn't complete the process because I got an error "No NS records found for example.com domain." (even though they are all set, for months now)... I inspected the XHR traffic (request and response) when trying to complete the process, and DO's response comes as HTTP 422 (Unprocessable Entity) with the above message.

I tried removing and re-adding the NS records for my domain, still the same error. I tried creating a subdomain on other domains I've hosted in my account using the same process, and got the same error. Tried spinning up an entirely new load balancer with a new subdomain, same error.

The thing is I need to promote my website to production, but it's not good marketing to host it under a "beta" subdomain unless it's 2005 and you're Google :)

If anyone helps me figure it out, I'll owe you a beer if you come to Chile :)

EDIT: FWIW, if I go into a dev box I have on a totally different hosting provider and run dig NS example.com, the answer section correctly returns DigitalOcean's nameservers as expected (ns1.digitalocean.com, ns2.digitalocean.com, ns3.digitalocean.com).

2 Answers

I'm getting the exact same error "No NS records found for ... domain." when trying to add a new certificate.

Update: I got word back from DO support and I was told that there was a bug in the backend that got fixed late Saturday/early Sunday. It's now working fine :)
