Hi! I am having problems setting up ssl encryption for my website. I’ve followed this tutorial and I am failing at step four on:

sudo certbot --nginx -d example.com -d www.example.com

With the following error:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for personality.kg
http-01 challenge for www.personality.kg
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. personality.kg (http-01): urn:acme:error:dns :: DNS problem: SERVFAIL looking up A for personality.kg

 - The following errors were reported by the server:

   Domain: personality.kg
   Type:   None
   Detail: DNS problem: SERVFAIL looking up A for personality.kg

I’ve also got the same error, but about CAA record for some reason.

I have two A records for personality.kg and www.personality kg, which correctly point to the droplet’s IP adress. I’ve checked this using:

dig +short @ns1.digitalocean.com personality.kg

Here is my nginx config file located in sites-enabled directory, I’ve removed the default one:

server {
listen 81;
real_ip_header X-Forwarded-For;
server_name personality.kg www.personality.kg;

root /var/www/html/psycho-test-rest/psycho_front/dist;

location /download_report/ {
root /var/www/html/psycho-test-rest/psycho_front/user-results;
try_files $uri /resultsdownload.html;

location ~ ^/(tests|CRUD)/ {
include uwsgi_params;
uwsgi_pass unix:/var/www/html/psycho-test-rest/socket.sock;
uwsgi_modifier2 30;

error_page 405 =200 /index.html;
location = /405.html {
root /usr/share/nginx/html;

error_page 501 502 503 504 /50x.html;
location = /51x.html {
root /usr/share/nginx/html;

Is there a way to fix this?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

1 answer

It turns out I just had to wait for couple of hours. Not all DNS records updated.

Submit an Answer