Adding a DNS for Certbot

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: coder-gage.dev

I ran this command: certbot certonly -d coder-gage.dev --server "https://dv.acme-v02.api.pki.goog/directory" --standalone

It produced this output:
Requesting a certificate for coder-gage.dev

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: coder-gage.dev
Type: incorrectResponse
Detail: DNS look-up of coder-gage.dev returned no results.

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Some challenges have failed.

My web server is (include version): Don't know

The operating system my web server runs on is (include version): Don't know

My hosting provider, if applicable, is: Google Domains

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 2.6.0

If you have a question, it'd be good for you to ask it, rather than to leave us to infer it from the error message you received. But in this case it's pretty clear, as is the resolution: there are no DNS records for your domain. You'll need to create them.

4 Likes

I did create them.

What and how did you create them?

3 Likes

Google's DNS servers don't seem to think so:

dan@Dan-MBP-2019 ~ $ dig @ns-cloud-a3.googledomains.com coder-gage.dev

; <<>> DiG 9.10.6 <<>> @ns-cloud-a3.googledomains.com coder-gage.dev
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17196
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;coder-gage.dev.			IN	A

;; AUTHORITY SECTION:
coder-gage.dev.		300	IN	SOA	ns-cloud-a1.googledomains.com. cloud-dns-hostmaster.google.com. 3 21600 3600 259200 300

;; Query time: 85 msec
;; SERVER: 216.239.36.106#53(216.239.36.106)
;; WHEN: Fri Jun 16 17:29:13 EDT 2023
;; MSG SIZE  rcvd: 136

...and since they're authoritative for your domain, there's your problem.

7 Likes

Using Google domains. I clicked "Manage custom records", then I added a CNAME record for my website.

To set up a website you need to point your domain at the IP address of a server. So if you type your domain into Dig (DNS lookup) it should normally show an A record pointing to an IP address.

You can use CNAMEs pointing to other names (which eventually resolve to an IP address), but the DNS system currently says you don't have that either.

  • Get a DNS result showing up using dig first.
  • Then try accessing your website using HTTP. If the name doesn't resolve to a website, you're not going to get a cert using HTTP validation.
  • Then try setting up your certificate.

2 Likes

Please show that page and entry.

3 Likes


However, the first two links work as https without the certificate, but the last one doesn't.

The domain in your first post was your apex domain (or root domain). You were trying to get a cert using the HTTP Challenge method. That requires an A and/or AAAA record to reach your server. A CNAME is not allowed at the apex but could be used for your subdomains.

Right now I don't see any problem with the 3 subdomains from your most recent post. Two of them use Cloudflare CDN and give a proper response to HTTPS. The object-project domain uses netlify with a valid Let's Encrypt cert.

I'm not really sure what the problem is. It would help if you explained what you are trying to use that cert for. And why you prefer a cert from Google rather than Let's Encrypt 🙂

3 Likes
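
The checks described in the replies above (get a dig result first; HTTP validation needs an A/AAAA record; no CNAME at the apex), as an added example that is not part of any post in this thread. It reads saved dig output and reports whether the name can pass an HTTP challenge; the function names and the second sample reply are constructed for illustration.

```python
import re

# Authoritative reply quoted in the thread, trimmed and with whitespace normalised.
APEX_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17196
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;coder-gage.dev. IN A
;; AUTHORITY SECTION:
coder-gage.dev. 300 IN SOA ns-cloud-a1.googledomains.com. cloud-dns-hostmaster.google.com. 3 21600 3600 259200 300
"""

# Constructed reply: a subdomain CNAME that ends in an A record (documentation IP).
SUB_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; ANSWER SECTION:
www.example.test. 300 IN CNAME host.example.net.
host.example.net. 300 IN A 192.0.2.10
"""

def parse_dig(text):
    """Return (status, {section: [(owner, rtype, rdata), ...]}) from dig output."""
    m = re.search(r"status: (\w+)", text)
    status = m.group(1) if m else "UNKNOWN"
    sections, current = {}, None
    for line in text.splitlines():
        head = re.match(r";; (\w+) SECTION:", line)
        fields = line.split()
        if head:
            current = head.group(1)
        elif current and len(fields) >= 5 and not line.startswith(";"):
            sections.setdefault(current, []).append(
                (fields[0].lower(), fields[3], " ".join(fields[4:])))
    return status, sections

def http01_ready(text, qname):
    """Judge from a dig reply whether a CA could reach qname over HTTP."""
    qname = qname.lower().rstrip(".") + "."
    status, sections = parse_dig(text)
    if status != "NOERROR":
        return False, f"lookup failed: {status}"
    addrs = [r[2] for r in sections.get("ANSWER", []) if r[1] in ("A", "AAAA")]
    if addrs:
        return True, "resolves to " + ", ".join(addrs)
    # NOERROR with no answer: the SOA owner in AUTHORITY names the zone apex.
    soa = [r for r in sections.get("AUTHORITY", []) if r[1] == "SOA"]
    if soa and soa[0][0] == qname:
        return False, "zone apex has no A/AAAA record (a CNAME cannot go here)"
    return False, "name has no A/AAAA record"
```

Run against live output by passing the text of `dig @<authoritative-server> <name>` as the first argument.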

I'm trying to add a subdomain as an alternative link to my GitBook website. It is for tux-corp.coder-gage.dev, but fails to load the certificate.

That tux-corp domain cert looks fine to me.

I'm not familiar with that tool you show in your last post, so I don't know what to say about that. And I don't usually offer much help unless using Let's Encrypt certs, and right now tux-corp is using Google CA.

Maybe ask on a forum where you got that tool.

2 Likes
