Adding domain to existing ip running two SSL certificates

Hi there!

First of all, thanks a lot to letsencrypt, which I’ve been using for another domain (outfired.com) and which has worked perfectly!

I’ve been trying to add a new domain, described below, but I’m having some trouble!
Both domains have DNS A records pointing to the same IP.
Outfired.com works perfectly; I’m trying to add the one below to it (have a 2nd certificate for the new domain name and run 2 VirtualHosts in Apache to serve the 2 websites).

My domain is: onceuponatime.co.uk

I ran this command: sudo certbot --apache -d onceuponatime.co.uk

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for onceuponatime.co.uk
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. onceuponatime.co.uk (http-01): urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up A for onceuponatime.co.uk
IMPORTANT NOTES:
 - The following errors were reported by the server:
   Domain: onceuponatime.co.uk
   Type: None
   Detail: DNS problem: SERVFAIL looking up A for onceuponatime.co.uk

My web server is (include version):
Apache 2.2

The operating system my web server runs on is (include version):
Linux Debian 9

My domain provider:
Google Domains

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

From my initial investigations, it looked like DNSSEC might be the issue, so I enabled it, but it made no difference.

Any ideas?

DNS resolution issues are often due to DNSSEC problems, but this one isn’t. According to the TLD, onceuponatime.co.uk uses these nameservers:

onceuponatime.co.uk.    172800  IN      NS      ns0.clara.net.
onceuponatime.co.uk.    172800  IN      NS      ns1.clara.net.
onceuponatime.co.uk.    172800  IN      NS      ns2.clara.net.

They all respond with a REFUSED error code, meaning they don’t host the domain.

Either the NS records are pointing to the wrong DNS service, or the DNS service deactivated the zone or is malfunctioning.

Edit: By the way, the domain’s registrar is also Claranet.

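The check described in the reply above, as an added example that is not part of the original post: it sends a non-recursive SOA query for the zone to each delegated nameserver and reports whether that server actually answers authoritatively or is lame (REFUSED, SERVFAIL, or an answer without the AA bit). The function names are hypothetical, the nameserver addresses are supplied by the caller, and it assumes IPv4 over UDP.

```python
import socket
import struct
import sys

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(zone, qtype=6, txid=0x1234):
    """Encode a non-recursive DNS query for `zone` (qtype 6 = SOA, class IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)  # RD=0
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def classify(response):
    """Return (verdict, rcode_name) judged from a DNS response header."""
    if len(response) < 12:
        return "malformed", None
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    if not flags & 0x8000:            # QR bit clear: not a response
        return "malformed", None
    rcode = flags & 0x000F
    name = RCODES.get(rcode, f"RCODE{rcode}")
    # A server that hosts the zone answers the apex SOA query with
    # NOERROR, the AA (authoritative answer) bit set, and an answer record.
    if rcode == 0 and flags & 0x0400 and ancount > 0:
        return "authoritative", name
    return "lame", name               # e.g. REFUSED, as in this thread

def check_nameserver(server, zone, timeout=3.0):
    """Send the SOA query to one nameserver over UDP (IPv4) and classify it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(zone), (server, 53))
            data, _ = sock.recvfrom(512)
        except OSError:               # timeout or unreachable
            return "unresponsive", None
    return classify(data)

if __name__ == "__main__":
    # usage: python check_delegation.py <zone> <nameserver> [<nameserver> ...]
    for server in sys.argv[2:]:
        print(server, *check_nameserver(server, sys.argv[1]))
```

Running it against every nameserver listed in the parent zone before requesting a certificate shows whether the CA's resolver will be able to get an answer at all.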

Thanks a lot, mnordhoff!

I’ll try to change the nameservers to set up the same ones as my other domain! Will let you know if it works.


https://dnsspy.io/scan/onceuponatime.co.uk
Shows all three nameservers as:
“Non-responsive nameservers”

Thanks again, Mark!

After changing the nameservers it worked like a charm.

Have a wonderful day!