Can't create Certificate for my domain

My domain

I ran this command: certbot certonly --nginx -d

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Type:   dns
  Detail: DNS problem: NXDOMAIN looking up A for - check that a DNS record exists for this domain                                                                      ; DNS problem: NXDOMAIN looking up AAAA for - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the                                                                       listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at See the logfile /var/log/letsencrypt/letsenc                                                                      rypt.log or re-run Certbot with -v for more details.

The operating system my web server runs on is (include version): Ubuntu 22.04.3 LTS

My hosting provider, if applicable, is: hetzner

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0

The --nginx plug-in uses the HTTP Challenge to validate your domain. But, as the error explains, you do not have an A (and/or AAAA) record in your DNS with your public IP. The Let's Encrypt servers need that to locate your panel server. And, anyone else on the internet would need that too.

You have an A record for your root domain. But, not for your panel subdomain


Thanks, I will see if I can try to migrate this to Cloudflare to see if the domain can work with a better DNS system as it seems to always work from cloudflare

1 Like

I don't know why that would be necessary. Just add the appropriate A record (or AAAA record if you support IPv6) in the DNS panel.

Contact your DNS hosting provider for instructions but it should be pretty easy.


Too late, it's already at CF: nameserver = nameserver =

And it shows an IP:


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.