Letsencrypt DNS problem looking up A

October 21, 2016
Apache Let's Encrypt Ubuntu 16.04

I successfully installed an SSL certificate for one of my domains the other day using your tutorial. Today I tried to generate an SSL certificate for a second domain, and I’m getting the error “DNS problem: NXDOMAIN looking up A for [the domain]”. Now the detail says to make sure the DNS A record contains the right IP address. I checked, it does.

Next it suggests to make sure no firewalls are preventing the server from communicating. How could that be a problem when I’ve done this before with no problem? I have not installed any firewalls or anything else for that matter since then.

Could this DNS problem have anything to do with the massive DDoS attack that’s occurring today? Suggestions appreciated.

1 comment
4 Answers

OK guys, I finally found the answer. Even though the error thrown was complaining about the A record, that wasn’t what was causing it (the A record was fine). The reason it was failing was because I didn’t set up CNAME records for the domain. Took forever to figure this out, thought I’d post the answer in case someone else runs into this problem.

  • I’m actually struggling trying to set up a subdomain for my website. The issue I have is that I’m trying to append ‘www’ to it so that when you type www.example.com it takes you to the site.

    I managed to deduce that likewise it may be that I have to set up a CNAME record and point it so that it reads www.example.com. (with the trailing dot at the end)

    Did you have to do something similar? I just made the change and I’m wondering if it worked for you. I tried running letsencrypt again but it still complains. Granted, it was a few minutes ago and they do say that these things take a while to populate, but I would like to know if I’m barking up the wrong tree or not so I can change strategy.

I had this same problem. Took me a heck of a while to figure it out. My problem was that no CNAME record was set. Simply add www to HOSTNAME and make it an alias of root using @. Worked for me.
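Both answers above trace the NXDOMAIN error to a missing www record rather than to the apex A record. The sketch below is an added example, not code from the thread or from Let's Encrypt: it assumes the certificate was requested for both example.com and www.example.com, and it models the A lookup against a constructed zone (documentation address 203.0.113.10) so it runs without network access.

```python
# Added example: models an A lookup against a constructed zone (no network).
MAX_CNAME_HOPS = 8

def resolve_a(zone, name):
    """Return (status, detail) for an A lookup of `name`.

    zone maps an owner name to {record type: [values]}.
    status is OK, NXDOMAIN (the name has no records at all),
    NODATA (the name exists but has no A or CNAME) or
    LOOP (CNAME cycle or chain longer than MAX_CNAME_HOPS).
    """
    seen = []
    current = name.rstrip(".").lower()
    for _ in range(MAX_CNAME_HOPS):
        if current in seen:
            return "LOOP", seen
        seen.append(current)
        records = zone.get(current)
        if not records:
            return "NXDOMAIN", current
        if "A" in records:
            return "OK", records["A"]
        if "CNAME" in records:
            # An alias: restart the A lookup at the target name.
            current = records["CNAME"][0].rstrip(".").lower()
            continue
        return "NODATA", current
    return "LOOP", seen

def preflight(zone, cert_names):
    """Check every name that will go on the certificate, not just the apex."""
    return {n: resolve_a(zone, n) for n in cert_names}

# Constructed zones: before and after adding the www alias from the answers.
ZONE_BEFORE = {"example.com": {"A": ["203.0.113.10"]}}
ZONE_AFTER = {
    "example.com": {"A": ["203.0.113.10"]},
    "www.example.com": {"CNAME": ["example.com."]},
}
CERT_NAMES = ["example.com", "www.example.com"]  # assumed request

if __name__ == "__main__":
    for label, zone in (("before", ZONE_BEFORE), ("after", ZONE_AFTER)):
        for name, (status, detail) in preflight(zone, CERT_NAMES).items():
            print(f"{label:6} {name:16} {status:8} {detail}")
```

In the "before" zone the apex resolves while www.example.com returns NXDOMAIN for the A lookup, which is why the error names the A record even though the fix is a CNAME.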

There are no issues in our systems at this time but a massive DNS provider “Dyn” is experiencing a massive DDoS attack at this time. While our droplets are configured to use Google Public DNS instead, droplets trying to reach out to other sites that utilize Dyn DNS will experience connection issues.

https://www.hackread.com/ddos-attack-dns-sites-suffer-outage/

I didn’t think so but I was grasping at straws. Any other ideas why I might be having this problem? I’m not finding any difference in what worked before and what isn’t working now. EDIT: Oh wait - do you think the certificate authority letsencrypt uses might be affected then?
