Can't obtain a certificate: dns problem

bontxa · November 10, 2018, 5:16pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
bontxaserver.it (trying to obtain)
I ran this command:

certbot --apache

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter ‘c’ to cancel): bontxaserver.it
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for bontxaserver.it
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. bontxaserver.it (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for bontxaserver.it

IMPORTANT NOTES:

The following errors were reported by the server:

Domain: bontxaserver.it
Type: None
Detail: DNS problem: NXDOMAIN looking up A for bontxaserver.it

My web server is (include version):
apache
The operating system my web server runs on is (include version):
debian sid
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

hi,
i’m trying to obtain a certificate for running nextcloud on my computer but i have the error shown above.
can somebody help? sorry but i’m at my first approach with servers so i’m in difficult.
thanks in advance!

JuergenAuer · November 10, 2018, 5:23pm

Hi @bontxa

this domain isn't registered. So you can't get a certificate with this domain name.

You need a public visible domain name. And if you want to use http-01 validation, there must be a dns A record

your domain name -> your public visible ip address.

bontxa · November 10, 2018, 5:37pm

thanks for your reply.
so the first thing i have to do is obtain a public domain, right?
sorry for stupid questions

JuergenAuer · November 10, 2018, 5:41pm

Yes, you need a public visible domain.

Osiris · November 10, 2018, 6:15pm

Perhaps I'm asking a dumb question, but why do you need a certificate if you don't have a public domain?

bontxa · November 10, 2018, 11:08pm

I want to run nextcloud so i need a domain and a certificate, but since it is the first time i try, i’m making lots of errors…

AlbertJP · November 12, 2018, 12:56am

It appears you only want to run Nextcloud inside your home network?

In that case I’d either use it without HTTPS (which is well possible) or to use a self-signed certificate for which you add an exception in your local computers’ browsers. If you are running Active Directory or IPA, those will provide you with a CA to sign certificates trusted by all computers in the domain, in which case you do not need Let’s Encrypt.

Using https is not compulsory, it is just ‘strongly encouraged’: https://docs.nextcloud.com/server/14/admin_manual/installation/source_installation.html#enabling-ssl-label
The point of this is to protect user data going through servers on the web that you might not trust with your data (ISP, government, etc.), but there is no need to do so if everything stays in your house.
One important caveat: do not use it over an open wifi network if https is off.

bontxa · November 12, 2018, 7:39pm

Thanks for your precious information. I think i’ll do as you suggest

system · December 12, 2018, 7:43pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.