Question
Let's Encrypt verification failing for naked domain
Domain netsqservice.com is served from GoDaddy.
Set up nameservers to point to DO.
NS1.DIGITALOCEAN.COM
NS2.DIGITALOCEAN.COM
NS3.DIGITALOCEAN.COM
Set up Forwarding 302 to https://www.netsqservice.com from GoDaddy.
DO Zone file
$ORIGIN www.netsqservice.com.
$TTL 1800
www.netsqservice.com. IN SOA ns1.digitalocean.com. hostmaster.www.netsqservice.com. 1473723299 10800 3600 604800 1800
www.netsqservice.com. 1800 IN NS ns1.digitalocean.com.
www.netsqservice.com. 1800 IN NS ns2.digitalocean.com.
www.netsqservice.com. 1800 IN NS ns3.digitalocean.com.
www.netsqservice.com. 1800 IN A 162.243.140.9
www.www.netsqservice.com. 1800 IN CNAME www.netsqservice.com.
DO apache conf-
<VirtualHost *:80>
ServerAlias netsqservice.com
RedirectMatch permanent ^/(.*) https://www.netsqservice.com/$1
</VirtualHost>
<VirtualHost *:80>
ServerAdmin admin@netsqservice.com
ServerName netsqservice.com
DocumentRoot /var/www/netsqservice.com/public_html
ErrorLog ${APACHE_LOG_DIR}/netsqservice-error.log
CustomLog ${APACHE_LOG_DIR}/netsqservice-access.log combined
</VirtualHost>
command -
certbot-auto --apache -d netsqservice.com -d www.netsqservice.com
error -
Failed authorization procedure. netsqservice.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: SERVFAIL looking up A for netsqservice.com
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: netsqservice.com
Type: connection
Detail: DNS problem: SERVFAIL looking up A for netsqservice.com
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
Note:
When I tried with certbot-auto --apache -d www.netsqservice.com, it worked. The naked domain has some problem in verifying with Let's Encrypt. Any help is highly appreciated.
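A pre-flight check for the situation in this question, added here as an example and not part of the original post: it parses the zone file quoted above (NS lines abridged) and reports, for each name passed to `-d`, whether it falls inside the zone and has an address record for the CA's resolver to find. The helper names `absolute`, `parse_zone` and `preflight` are hypothetical.

```python
# Zone file as quoted in the question (NS records abridged); nothing else is assumed.
ZONE = """\
$ORIGIN www.netsqservice.com.
$TTL 1800
www.netsqservice.com. IN SOA ns1.digitalocean.com. hostmaster.www.netsqservice.com. 1473723299 10800 3600 604800 1800
www.netsqservice.com. 1800 IN NS ns1.digitalocean.com.
www.netsqservice.com. 1800 IN A 162.243.140.9
www.www.netsqservice.com. 1800 IN CNAME www.netsqservice.com.
"""
ADDRESS_TYPES = {"A", "AAAA", "CNAME"}

def absolute(name, origin="."):
    """Lowercase FQDN with trailing dot; '@' and relative names are joined to origin."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin.lstrip('.')}"

def parse_zone(text):
    """Return (origin, {owner: {rrtypes}}) for a one-record-per-line zone file."""
    origin, owners = ".", {}
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()
        if fields and fields[0].upper() == "$ORIGIN":
            origin = absolute(fields[1])
        elif fields and not fields[0].startswith("$"):
            # Record layout is: owner [ttl] [class] type rdata...
            rtype = next((f.upper() for f in fields[1:]
                          if not f.isdigit() and f.upper() != "IN"), None)
            owners.setdefault(absolute(fields[0], origin), set()).add(rtype)
    return origin, owners

def preflight(zone_text, requested):
    """Verdict per certificate name: 'ok', 'outside-zone' or 'no-address-record'."""
    origin, owners = parse_zone(zone_text)
    report = {}
    for name in requested:
        fq = absolute(name)
        if fq != origin and not fq.endswith("." + origin.lstrip(".")):
            report[name] = "outside-zone"   # the zone cannot answer for this name at all
        elif owners.get(fq, set()) & ADDRESS_TYPES:
            report[name] = "ok"
        else:
            report[name] = "no-address-record"
    return report

if __name__ == "__main__":
    for name, verdict in preflight(ZONE, ["netsqservice.com", "www.netsqservice.com"]).items():
        print(f"{name}: {verdict}")
```

For the zone as posted, the result is `outside-zone` for netsqservice.com and `ok` for www.netsqservice.com, which lines up with the SERVFAIL being reported for the naked domain only.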