By TommyLeong
My goal: I’m trying to generate an SSL cert using Let’s Encrypt to be used by my load balancer. However, as I try to generate the Let’s Encrypt cert, I receive the following error:
Failed to validate nameserver records: a non DigitalOcean Name Server was found for [domainname].info domain
What I’ve done: Within Digital Ocean, my project has added my main domain (which sits in AWS Route53). Within the main domain that is set in the project, I have also configured ns1.digitalocean.com. as well as ns2, ns3.
Within AWS Route 53, I have configured NS and routing to ns1.digitalocean.com. as well as ns2, ns3.
I have also read… I’ve read both the posts here, still facing the same issue.
What I’ve checked
When checking the NS records here in https://www.digitalocean.com/community/tools/dns for my domain and subdomain, here’s the result for A Records and NS Records.
Main Domain
Subdomain
What seems to be my mistake?
Accepted Answer
Hi there,
If you’ve added your main domain in DigitalOcean, then what you would need to do is to actually update your nameservers via your domain name registrar to the DigitalOcean ones.
You will not be able to have your main domain name simultaneously have two active DNS zones.
What you could do is to re-create all of your DNS records that you currently have in Route53 and add them under your DigitalOcean DNS zone. Then via your domain name provider, update your nameservers to the DigitalOcean ones.
To verify what your current nameservers for the main domain name are, you can use the whois command:
whois your-domain.com
That way you will be able to fully manage all of your DNS settings via your DigitalOcean control panel.
Let me know if this works for you!
Best,
Bobby
Hi Bobby, thanks for the direction, indeed it was a nameserver issue.
Earlier I created a Type NS (nameserver) record under the AWS Route53 hosted zone pointing my domain to the Digital Ocean NS, which is not enough; I needed to point my main domain only to the Digital Ocean nameservers (removing the AWS nameservers). Once this was completed, I was able to create the Let’s Encrypt cert successfully!
However, I have doubts about the point you mentioned below:
You will not be able to have your main domain name simultaneously have two active DNS zones.
Because right after the Let’s Encrypt cert creation, I re-appended the AWS nameservers to my domain, leaving the domain with 2 different nameservers (4 from AWS, 2 from DigitalOcean), and it is still working as expected.
The only catch here is that, at the next renewal of the SSL cert, I may need to remove the AWS nameservers again in order to create a new cert.
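Added example, not part of the original thread: a shell pre-check that flags any name server in a domain's NS set that is not one of the DigitalOcean hosts named in the question, which is the condition the error message reports. The function names, the sample host names and the assumption that only ns1, ns2 and ns3.digitalocean.com pass are illustrative.

```shell
#!/bin/sh
# Added example: pre-check a domain's NS set before requesting the certificate.
# Assumption: validation rejects any NS host other than the three DigitalOcean
# name servers named in the question (ns1, ns2, ns3.digitalocean.com).

# Read NS host names on stdin (one per line, as `dig +short NS` prints them)
# and print each one that is not a DigitalOcean name server.
non_do_nameservers() {
    tr 'A-Z' 'a-z' | sed -e 's/[[:space:]]*$//' -e 's/\.$//' -e '/^$/d' | sort -u |
        grep -v -E '^ns[123]\.digitalocean\.com$' || true
}

# Exit status: 0 = every NS host is DigitalOcean's, 1 = foreign host found,
# 2 = no NS records at all on stdin.
check_delegation() {
    ns_list=$(cat)
    if [ -z "$ns_list" ]; then
        echo "no NS records returned" >&2
        return 2
    fi
    foreign=$(printf '%s\n' "$ns_list" | non_do_nameservers)
    if [ -n "$foreign" ]; then
        echo "non-DigitalOcean name servers in the NS set:" >&2
        printf '  %s\n' $foreign >&2
        return 1
    fi
    return 0
}

# Constructed sample: the mixed NS set described in the follow-up comment
# (4 AWS + 2 DigitalOcean). The awsdns host names are made up for illustration.
MIXED_SAMPLE='ns-101.awsdns-01.com.
ns-202.awsdns-02.net.
ns-303.awsdns-03.org.
ns-404.awsdns-04.co.uk.
ns1.digitalocean.com.
NS2.DigitalOcean.com.'

printf '%s\n' "$MIXED_SAMPLE" | check_delegation ||
    echo "fix the delegation before requesting or renewing the cert" >&2

# Live use (needs network): dig +short NS your-domain.com | check_delegation
```

Running the same check from a scheduled job ahead of each renewal catches a mixed NS set before the certificate request fails.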