Adding a DNS for Certbot

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: certbot certonly -d --server "" --standalone

It produced this output:
Requesting a certificate for

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Type: incorrectResponse
Detail: DNS look-up of returned no results.

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Some challenges have failed.

My web server is (include version): Don't know

The operating system my web server runs on is (include version): Don't know

My hosting provider, if applicable, is: Google Domains

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 2.6.0

If you have a question, it'd be good for you to ask it, rather than to leave us to infer it from the error message you received. But in this case it's pretty clear, as is the resolution: there are no DNS records for your domain. You'll need to create them.


I did create them.

What and how did you create them?


Google's DNS servers don't seem to think so:

 dan@Dan-MBP-2019  ~  dig

; <<>> DiG 9.10.6 <<>>
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17196
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 512
;			IN	A

;; AUTHORITY SECTION:		300	IN	SOA 3 21600 3600 259200 300

;; Query time: 85 msec
;; WHEN: Fri Jun 16 17:29:13 EDT 2023
;; MSG SIZE  rcvd: 136

...and since they're authoritative for your domain, there's your problem.


Using Google domains. I clicked "Manage custom records", then I added a CNAME record for my website.

To setup a website you need to point your domain at the IP address of a server. So if you type your domain into Dig (DNS lookup) it should normally show an A record pointing to an IP address.

You can use CNAMEs pointing to other names (which eventually resolve to an IP address), but the DNS system currently says you don't have that either.

  • get a DNS result showing up using dig first
  • then try accessing your website using http - if the name doesn't resolve to a website you're not going to get a cert using http validation.
  • then try setting up your certificate.

Please show that page and entry.


However, the first two links work as https without the certificate, but the last one doesn't.

The domain in your first post was your apex domain (or root domain). You were trying to get a cert using the HTTP Challenge method. That requires an A and/or AAAA record to reach your server. A CNAME is not allowed at the apex but could be used for your subdomains.

Right now I don't see any problem with the 3 subdomains from your most recent post. Two of them use Cloudflare CDN and give a proper response to HTTPS. The object-project domain uses netlify with a valid Let's Encrypt cert.

I'm not really sure what the problem is. It would help if you explained what you are trying to use that cert for. And, why you prefer a cert from Google rather than Let's Encrypt :slight_smile:


I'm trying to add a subdomain as an alternative link to my GitBook website. It is for, but fails to load the certificate.

that tux-corp domain cert looks fine to me.

I'm not familiar with that tool you show in last post so don't know what to say about that. And, I don't usually offer much help unless using Let's Encrypt certs which right now tux-corp is using Google CA

Maybe ask on a forum where you got that tool


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.