Can't obtain a certificate: DNS problem


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
bontxaserver.it (trying to obtain)
I ran this command:

certbot --apache

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter ‘c’ to cancel): bontxaserver.it
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for bontxaserver.it
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. bontxaserver.it (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for bontxaserver.it

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: bontxaserver.it
    Type: None
    Detail: DNS problem: NXDOMAIN looking up A for bontxaserver.it

My web server is (include version):
apache
The operating system my web server runs on is (include version):
debian sid
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

Hi,
I’m trying to obtain a certificate for running Nextcloud on my computer, but I get the error shown above.
Can somebody help? Sorry, but this is my first approach with servers, so I’m having difficulty.
Thanks in advance!


#2

Hi @bontxa

This domain isn’t registered, so you can’t get a certificate with this domain name.

You need a publicly visible domain name. And if you want to use http-01 validation, there must be a DNS A record

your domain name -> your publicly visible IP address.
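Added example, not part of the original thread: a pre-flight check for the requirement described in reply #2, run before `certbot`. It reports whether the name resolves at all and whether its A record points at a public address. The function names and the injectable `resolve` parameter are assumptions made for this sketch, and the local resolver (which also reads `/etc/hosts`) may answer differently from the resolver Let's Encrypt uses.

```python
import ipaddress
import socket
import sys


def system_resolver(name):
    """Return the IPv4 addresses the local resolver gives for name."""
    infos = socket.getaddrinfo(name, 80, family=socket.AF_INET,
                               type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def http01_preflight(name, resolve=system_resolver):
    """Return (ok, reason): can this name plausibly pass http-01 validation?"""
    # gaierror codes meaning "no such name" or "name exists but has no A record".
    missing = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", None)}
    try:
        addrs = resolve(name)
    except socket.gaierror as exc:
        if exc.errno in missing:
            return False, "name does not resolve (NXDOMAIN or no A record)"
        return False, f"resolver error: {exc}"
    if not addrs:
        return False, "no A record returned"
    # is_global is False for RFC 1918, loopback, link-local and
    # carrier-grade NAT (100.64.0.0/10) addresses; none of these can be
    # reached by a validation server on the internet.
    unreachable = [a for a in addrs if not ipaddress.ip_address(a).is_global]
    if unreachable:
        return False, "A record is not a public address: " + ", ".join(unreachable)
    return True, "A record is public: " + ", ".join(addrs)


if __name__ == "__main__":
    # Usage: python3 preflight.py <domain>
    ok, reason = http01_preflight(sys.argv[1])
    print(("OK: " if ok else "FAIL: ") + reason)
    sys.exit(0 if ok else 1)
```

A passing result only means DNS is in order; port 80 on that address must still reach the web server for the challenge to succeed.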


#3

Thanks for your reply.
So the first thing I have to do is obtain a public domain, right?
Sorry for the stupid questions.


#4

Yes, you need a publicly visible domain.


#5

Perhaps I’m asking a dumb question, but why do you need a certificate if you don’t have a public domain?


#6

I want to run Nextcloud, so I need a domain and a certificate, but since it is the first time I try, I’m making lots of errors…


#7

It appears you only want to run Nextcloud inside your home network?

In that case I’d either use it without HTTPS (which is well possible) or use a self-signed certificate for which you add an exception in your local computers’ browsers. If you are running Active Directory or IPA, those will provide you with a CA to sign certificates trusted by all computers in the domain, in which case you do not need Let’s Encrypt.

Using HTTPS is not compulsory, it is just ‘strongly encouraged’: https://docs.nextcloud.com/server/14/admin_manual/installation/source_installation.html#enabling-ssl-label
The point of this is to protect user data going through servers on the web that you might not trust with your data (ISP, government, etc.), but there is no need to do so if everything stays in your house.
One important caveat: do not use it over an open Wi-Fi network if HTTPS is off.


#8

Thanks for your precious information. I think I’ll do as you suggest.