Related

Unable to configure Let's Encrypt on ubuntu 14.04 with apache Question Question
LetsEncrypt Renewal Failure Question Question

Question

Letsencrypt DNS problem looking up A

Posted October 21, 2016 39.5k views
ApacheLet's EncryptUbuntu 16.04

I successfully installed an SSL certificate for one of my domains the other day using your tutorial. Today I tried to general an SSL certificate for a second domain, and I’m getting the error “DNS problem: NXDOMAIN looking up A for [the domain]”. Now the detail says to make sure the DNS A record contains the right IP address. I checked, it does.

Next it suggests to make sure no firewalls are preventing the server from communicating. How could that be a problem when I’ve done this before with no problem? I have not installed any firewalls or anything else for that matter since then.

Could this DNS problem have anything to do with the massive DDoS attack that’s occurring today? Suggestions appreciated.

Add a comment
jenniferchalek
By:
jenniferchalek

Related

Unable to configure Let's Encrypt on ubuntu 14.04 with apache Question Question
LetsEncrypt Renewal Failure Question Question
Add a comment
2 comments
  • jenniferchalek October 22, 2016
    Reply Report

    Anyone? I am still having no luck today, which implies it wasn’t the DDoS attack that was causing it. I don’t know what else to try.

  • armadillo May 28, 2020
    Reply Report

    Jesus Christ, DNS issues with digitalocean are a mess, do i have to delete and recreate a droplet to be able to add new website?
    the records exists(both A and CNAME) but certbot wont recognize it and points to digitalocean that there are no A record with a particular subdomain

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
4 answers
jenniferchalek October 24, 2016

OK guys, I finally found the answer. Even though the error thrown was complaining about the A record, that wasn’t what was causing it (the A record was fine). The reason it was failing was because I didn’t set up CNAME records for the domain. Took forever to figure this out, thought I’d post the answer in case someone else runs into this problem.

Reply Report
  • Arponare December 15, 2016

    I actually struggling trying to set up a subdomain for my website. The issue I have is that while I’m trying to append ‘www’ to it so that it when you type www.example.com it takes you to the site.

    I managed to deduce that likewise it may be that I have to set up a CNAME record and point it so that it reads www.example.com. (with the trailing dot at the end)

    Did you have to do something similar? I just made the change and I’m wondering if it worked for you. I tried running letsencrypt again but it still complaints. Granted, it was a few minutes ago and they do say that these things take a while to populate, but I would like to know if I’m barking up the wrong tree or not so I can change strategy.

    Reply Report
  • syncnsecure April 14, 2020

    in case of subdomains what do we do i am suffering the same issue with godaddy.

    Reply Report
ayez1389 April 11, 2019

I had this same problem. Took me a heck of while to figure it out. My problem was that no CNAME record was set. Simply add www to HOSTNAME and make it an alias of root using @. Worked for me.

Reply Report
  • beasyx August 16, 2020

    Hello,
    I know this post and these comments are old but I want to be a good guy and report that I was having the issue ‘acme: error: 400 :: urn:ietf:params:acme:error:dns’ when deploying cookiecutter-django to digital ocean and following this advice I was able to generate a certificate. CNAME record with 'www’ as HOSTNAME and ’@’ for IS AN ALIAS OF

    Reply Report
dwilkin October 21, 2016

There are no issues in our systems at this time but a massive DNS provider “Dyn” is experiencing a massive DDoS attack at this time. While our droplets are configured to use Google Public DNS instead, droplets trying to reach out to other sites that utilize Dyn DNS will experience connection issues.

https://www.hackread.com/ddos-attack-dns-sites-suffer-outage/

Reply Report
jenniferchalek October 21, 2016

I didn’t think so but I was grasping at straws. Any other ideas why I might be having this problem? I’m not finding any difference in what worked before and what isn’t working now. EDIT: Oh wait - do you think the certificate authority letsencrypt uses might be affected then?

Reply Report

Related

Looking for something else?

Ask a new question Search for more help