Letsencrypt DNS problem looking up A

October 21, 2016 13.2k views
Let's Encrypt Apache Ubuntu 16.04

I successfully installed an SSL certificate for one of my domains the other day using your tutorial. Today I tried to generate an SSL certificate for a second domain, and I'm getting the error "DNS problem: NXDOMAIN looking up A for [the domain]". Now the detail says to make sure the DNS A record contains the right IP address. I checked, it does.

Next it suggests to make sure no firewalls are preventing the server from communicating. How could that be a problem when I've done this before with no problem? I have not installed any firewalls or anything else for that matter since then.

Could this DNS problem have anything to do with the massive DDoS attack that's occurring today? Suggestions appreciated.

1 comment
  • Anyone? I am still having no luck today, which implies it wasn't the DDoS attack that was causing it. I don't know what else to try.

3 Answers

OK guys, I finally found the answer. Even though the error thrown was complaining about the A record, that wasn't what was causing it (the A record was fine). The reason it was failing was because I didn't set up CNAME records for the domain. Took forever to figure this out, thought I'd post the answer in case someone else runs into this problem.

  • I am actually struggling trying to set up a subdomain for my website. The issue I have is that I'm trying to append 'www' to it so that when you type www.example.com it takes you to the site.

    I managed to deduce that likewise it may be that I have to set up a CNAME record and point it so that it reads www.example.com. (with the trailing dot at the end)

    Did you have to do something similar? I just made the change and I'm wondering if it worked for you. I tried running letsencrypt again but it still complains. Granted, it was a few minutes ago and they do say that these things take a while to populate, but I would like to know if I'm barking up the wrong tree or not so I can change strategy.
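A pre-flight check for the situation this answer and its comment describe, as an added example that is not code from the original posts: every name on the certificate request (the bare domain and `www`) has to resolve, so an A record on the bare domain alone leaves `www` unresolvable. The zones, `example.com`, `203.0.113.10` and all function names are constructed, and the handling of a CNAME target without a trailing dot assumes standard zone-file syntax.

```python
import socket

def system_lookup(name):
    """IPv4 addresses the local resolver returns for name (empty set if none)."""
    try:
        infos = socket.getaddrinfo(name, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def zone_lookup(zone, origin):
    """Lookup over a constructed zone. Zone-file rule: a name without a
    trailing dot is relative to origin, so 'www' means 'www.<origin>'."""
    def absolute(name):
        name = name.lower()
        return name if name.endswith(".") else f"{name}.{origin}"
    records = {absolute(owner): rr for owner, rr in zone.items()}
    def lookup(name):
        fqdn = name.lower().rstrip(".") + "."
        for _ in range(8):                    # bound the CNAME chain
            if fqdn not in records:
                return set()                  # no such name: NXDOMAIN
            rtype, value = records[fqdn]
            if rtype == "A":
                return {value}
            fqdn = absolute(value)            # CNAME: follow the target
        return set()
    return lookup

def preflight(names, lookup=system_lookup, expected_ip=None):
    """Status for every name that will be on the certificate request."""
    report = {}
    for name in names:
        addrs = lookup(name)
        if not addrs:
            report[name] = "no A record"
        elif expected_ip and expected_ip not in addrs:
            report[name] = "wrong address"
        else:
            report[name] = "ok"
    return report

# Constructed sample zones for example.com (203.0.113.10 is a documentation IP).
APEX_ONLY = {"example.com.": ("A", "203.0.113.10")}
WITH_CNAME = {**APEX_ONLY, "www": ("CNAME", "example.com.")}
NO_DOT = {**APEX_ONLY, "www": ("CNAME", "example.com")}  # -> example.com.example.com.

if __name__ == "__main__":
    names = ["example.com", "www.example.com"]
    for label, zone in [("apex only", APEX_ONLY), ("www CNAME", WITH_CNAME), ("no dot", NO_DOT)]:
        print(label, preflight(names, zone_lookup(zone, "example.com."), "203.0.113.10"))
```

Calling `preflight(names)` with the default `system_lookup` checks the live records through the server's own resolver, which may still hold a cached negative answer shortly after a DNS change.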

There are no issues in our systems at this time but a massive DNS provider "Dyn" is experiencing a massive DDoS attack at this time. While our droplets are configured to use Google Public DNS instead, droplets trying to reach out to other sites that utilize Dyn DNS will experience connection issues.


I didn't think so but I was grasping at straws. Any other ideas why I might be having this problem? I'm not finding any difference in what worked before and what isn't working now. EDIT: Oh wait - do you think the certificate authority letsencrypt uses might be affected then?
