Certbot: "DNS problem: looking up A for my_domain: DNSSEC: RRSIGs Missing; no valid AAAA records found for my_domain"

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: joseldsm.com

I ran this command: sudo certbot --nginx joseldsm.com -d www.joseldsm.com

It produced this output: "DNS problem: looking up A for joseldsm.com: DNSSEC: RRSIGs Missing; no valid AAAA records found for joseldsm.com"
(same for www.joseldsm.com)

My web server is (include version): nginx 1.18.0

The operating system my web server runs on is (include version): Ubuntu

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): I don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): I don't know

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0

I'm trying to get the https certification. My domain works perfectly for the basic http : joseldsm.com and www.joseldsm.com.

Thanks!


Welcome @evol

Your DNS has a couple problems.

One is that the IP address in your A record is for a private IP address. That needs to be a public IP so the Let's Encrypt server can send your server an HTTP request to validate your cert request.

You say your site works on HTTP, but it must work on the public internet, not just your local network.

The other problem is the DNSSEC seems wrong on your DNS in general. I recommend disabling that first. Once you get a cert, try to re-enable it again. Sometimes that clears these up. Use the above Let's Debug test site to check after you re-enable it.
https://dnsviz.net/d/joseldsm.com/dnssec/

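A pre-flight check for the first problem named in the reply above (an A record holding an address the Let's Encrypt validator cannot reach), as an added example that is not part of the original thread. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress
import socket
import sys

CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space

def classify(addr: str) -> str:
    """Label an address by whether a validator on the public internet could reach it."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip in CGNAT:
        return "carrier-grade NAT"
    if ip.is_private:
        return "private"
    return "public" if ip.is_global else "reserved"

def unreachable(addrs):
    """Return (address, label) for every address an external validator cannot reach."""
    labelled = [(a, classify(a)) for a in addrs]
    return [(a, label) for a, label in labelled if label != "public"]

def resolve(host: str):
    """A/AAAA lookup via the local resolver. This can differ from what the CA sees
    (hosts file, split-horizon DNS), so confirm with an external lookup as well."""
    infos = socket.getaddrinfo(host, 80, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0].split("%")[0] for info in infos})

if __name__ == "__main__":
    # Constructed sample addresses, used when no hostname is given on the command line.
    sample = ["192.168.1.10", "1.1.1.1", "fd00::1"]
    addrs = resolve(sys.argv[1]) if len(sys.argv) > 1 else sample
    bad = unreachable(addrs)
    for addr, label in bad:
        print(f"{addr}: {label}, HTTP-01 validation cannot reach this address")
    sys.exit(1 if bad else 0)
```

Run it with a hostname as the only argument before requesting a certificate; a non-zero exit status means at least one published address is not publicly routable.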

Hello @MikeMcQ,

Thank you very much for your help. I just disabled DNSSEC for now. I didn't realize the IP address was private. I really thought it worked on public internet.

I'll try to get a public address instead then.

Thanks again!


I got a public IP and now it works! Thanks a lot @MikeMcQ!