Letsencrypt DNS problem looking up A

Posted October 21, 2016
Apache, Let's Encrypt, Ubuntu 16.04

I successfully installed an SSL certificate for one of my domains the other day using your tutorial. Today I tried to generate an SSL certificate for a second domain, and I’m getting the error “DNS problem: NXDOMAIN looking up A for [the domain]”. Now the detail says to make sure the DNS A record contains the right IP address. I checked, it does.

Next it suggests to make sure no firewalls are preventing the server from communicating. How could that be a problem when I’ve done this before with no problem? I have not installed any firewalls or anything else for that matter since then.

Could this DNS problem have anything to do with the massive DDoS attack that’s occurring today? Suggestions appreciated.


4 answers

OK guys, I finally found the answer. Even though the error thrown was complaining about the A record, that wasn’t what was causing it (the A record was fine). The reason it was failing was because I didn’t set up CNAME records for the domain. Took forever to figure this out, thought I’d post the answer in case someone else runs into this problem.

  • I’m actually struggling trying to set up a subdomain for my website. The issue I have is that while I’m trying to append ‘www’ to it so that when you type it, it takes you to the site.

    I managed to deduce that likewise it may be that I have to set up a CNAME record and point it so that it reads (with the trailing dot at the end)

    Did you have to do something similar? I just made the change and I’m wondering if it worked for you. I tried running letsencrypt again but it still complains. Granted, it was a few minutes ago and they do say that these things take a while to populate, but I would like to know if I’m barking up the wrong tree or not so I can change strategy.

  • In case of subdomains, what do we do? I am suffering the same issue with GoDaddy.

I had this same problem. Took me a heck of a while to figure it out. My problem was that no CNAME record was set. Simply add www to HOSTNAME and make it an alias of root using @. Worked for me.

  • Hello,
    I know this post and these comments are old but I want to be a good guy and report that I was having the issue ‘acme: error: 400 :: urn:ietf:params:acme:error:dns’ when deploying cookiecutter-django to DigitalOcean, and following this advice I was able to generate a certificate. CNAME record with ‘www’ as HOSTNAME and ‘@’ for IS AN ALIAS OF.
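
The situation these answers describe, as an added example that is not part of the original thread: assuming the certificate request lists both the bare domain and its www name, every listed name has to resolve, so a missing www record gives NXDOMAIN even when the root A record is correct. The zone data, example.com and 203.0.113.10 are constructed placeholders, and the handling of `@` and the trailing dot follows zone-file convention, which a given DNS panel may or may not share.

```python
# Added example: offline model of the DNS pre-check, using constructed zone data.
def fqdn(host, origin):
    """Expand a zone-file style name ('@', 'www', 'example.com.') to an absolute name."""
    host = host.strip().lower()
    if host == "@":
        return origin
    if host.endswith("."):
        return host.rstrip(".")
    return f"{host}.{origin}"  # no trailing dot: relative to the zone origin

def build_zone(origin, records):
    """records: (host, type, value) tuples as entered in a DNS panel."""
    zone = {}
    for host, rtype, value in records:
        if rtype == "CNAME":
            value = fqdn(value, origin)
        zone.setdefault(fqdn(host, origin), []).append((rtype, value))
    return zone

def lookup_a(zone, name, max_hops=8):
    """Follow CNAMEs until an A record is found; return (status, detail)."""
    name = name.lower().rstrip(".")
    for _ in range(max_hops):
        rrs = zone.get(name)
        if not rrs:
            return ("NXDOMAIN", name)  # the name that has no record at all
        ips = [v for t, v in rrs if t == "A"]
        if ips:
            return ("OK", ips)
        targets = [v for t, v in rrs if t == "CNAME"]
        if not targets:
            return ("NODATA", name)
        name = targets[0]
    return ("LOOP", name)

def preflight(zone, cert_names):
    """Check every name the certificate request would list."""
    return {n: lookup_a(zone, n) for n in cert_names}

ORIGIN = "example.com"                          # placeholder domain
CERT_NAMES = ["example.com", "www.example.com"]  # assumed certificate names
ROOT_A = ("@", "A", "203.0.113.10")              # documentation-range address
before = build_zone(ORIGIN, [ROOT_A])                         # A record only
after = build_zone(ORIGIN, [ROOT_A, ("www", "CNAME", "@")])   # www aliased to root

if __name__ == "__main__":
    for label, zone in (("before", before), ("after", after)):
        print(label, preflight(zone, CERT_NAMES))
```

Under the zone-file convention modelled here, a CNAME target written as `example.com` without the trailing dot expands to `example.com.example.com` and fails the same way.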

There are no issues in our systems at this time but a massive DNS provider “Dyn” is experiencing a massive DDoS attack at this time. While our droplets are configured to use Google Public DNS instead, droplets trying to reach out to other sites that utilize Dyn DNS will experience connection issues.

I didn’t think so but I was grasping at straws. Any other ideas why I might be having this problem? I’m not finding any difference in what worked before and what isn’t working now. EDIT: Oh wait - do you think the certificate authority letsencrypt uses might be affected then?