Requesting a certificate for pantook.com and www.pantook.com
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: www.pantook.com
Type: dns
Detail: During secondary validation: no valid A records found for www.pantook.com ; no valid AAAA records found for www.pantook.com
9peppe
September 23, 2023, 4:43am
2
This is strange. You should check your nameservers.
❯ dig ns pantook.com
; <<>> DiG 9.16.41 <<>> ns pantook.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22680
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;pantook.com. IN NS
;; Query time: 453 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Sep 23 06:42:12 CEST 2023
;; MSG SIZE rcvd: 40
4 Likes
rg305
September 23, 2023, 4:50am
4
Hi @jakkapet2k, and welcome to the LE community forum
jakkapet2k:
SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
That is not a globally recognized authoritative server for your domain [nor for any domain].
3 Likes
9peppe
September 23, 2023, 4:51am
5
That looks like a stub resolver.
4 Likes
rg305
September 23, 2023, 4:52am
6
These are the authoritative DNS servers for your domain:
pantook.com nameserver = ns-a1.cloud.z.com
pantook.com nameserver = ns-a3.cloud.z.com
pantook.com nameserver = ns-a4.cloud.z.com
5 Likes
rg305
September 23, 2023, 4:55am
7
They don't agree on who are the authoritative name servers:
nslookup -q=ns pantook.com ns-a1.cloud.z.com
*** No name server (NS) records available for pantook.com
nslookup -q=ns pantook.com ns-a3.cloud.z.com
pantook.com nameserver = ns-a1.cloud.z.com
pantook.com nameserver = ns-a3.cloud.z.com
pantook.com nameserver = ns-a4.cloud.z.com
nslookup -q=ns pantook.com ns-a4.cloud.z.com
pantook.com nameserver = ns-a1.cloud.z.com
pantook.com nameserver = ns-a3.cloud.z.com
pantook.com nameserver = ns-a4.cloud.z.com
6 Likes
rg305
September 23, 2023, 5:04am
8
ACTIVE:
ns-a1.cloud.z.com - NOT in sync
ns-a3.cloud.z.com - synced
ns-a4.cloud.z.com - synced
INACTIVE:
ns-a2.cloud.z.com - synced
ns-a5.cloud.z.com - synced
ns-a6.cloud.z.com - synced
5 Likes
9peppe
September 23, 2023, 5:06am
9
Also, each hostname isn't in sync with itself.
❯ dig a www.pantook.com @ns-a1.cloud.z.com. -4
; <<>> DiG 9.16.41 <<>> a www.pantook.com @ns-a1.cloud.z.com. -4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64978
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 2800
;; QUESTION SECTION:
;www.pantook.com. IN A
;; ANSWER SECTION:
www.pantook.com. 3600 IN A 45.144.164.74
;; Query time: 436 msec
;; SERVER: 150.95.19.148#53(150.95.19.148)
;; WHEN: Sat Sep 23 07:07:53 CEST 2023
;; MSG SIZE rcvd: 60
~
❯ dig a www.pantook.com @ns-a1.cloud.z.com. -6
; <<>> DiG 9.16.41 <<>> a www.pantook.com @ns-a1.cloud.z.com. -6
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6195
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 2800
;; QUESTION SECTION:
;www.pantook.com. IN A
;; Query time: 273 msec
;; SERVER: 2404:f080:1101:310::53#53(2404:f080:1101:310::53)
;; WHEN: Sat Sep 23 07:07:58 CEST 2023
;; MSG SIZE rcvd: 44
~
❯
6 Likes
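The per-server, per-address-family comparison done by hand in the posts above can be scripted; the following is an added example, not code posted by anyone in the thread. A CA's validation resolvers may reach any authoritative server over IPv4 or IPv6, so every (server, family) pair has to return the same records. The function names are hypothetical, and `SAMPLE` is constructed from the two `dig` answers quoted above.

```python
import subprocess
from collections import defaultdict

# Constructed sample: the two answers for "A www.pantook.com" quoted in the thread.
SAMPLE = {
    ("ns-a1.cloud.z.com", "4"): frozenset({"45.144.164.74"}),
    ("ns-a1.cloud.z.com", "6"): frozenset(),
}

def query(name, rtype, server, family):
    """Ask one authoritative server directly, forcing IPv4 ("4") or IPv6 ("6")."""
    cmd = ["dig", "+short", "+norecurse", "+time=3", "+tries=1",
           f"-{family}", rtype, name, f"@{server}"]
    out = subprocess.run(cmd, capture_output=True, text=True).stdout
    # Lines starting with ';' are dig diagnostics (e.g. timeouts), not records,
    # so an unreachable server is reported the same as an empty answer.
    return frozenset(line.strip().lower() for line in out.splitlines()
                     if line.strip() and not line.startswith(";"))

def collect(name, rtype, servers, ask=query):
    """Query every server over both address families."""
    return {(s, fam): ask(name, rtype, s, fam) for s in servers for fam in ("4", "6")}

def disagreements(results):
    """Group (server, family) pairs by answer; return {} when all agree."""
    groups = defaultdict(list)
    for vantage in sorted(results):
        groups[results[vantage]].append(vantage)
    return dict(groups) if len(groups) > 1 else {}

def report(results):
    """One human-readable line per distinct answer, empty answers first."""
    lines = []
    ordered = sorted(disagreements(results).items(), key=lambda kv: sorted(kv[0]))
    for answer, vantages in ordered:
        where = ", ".join(f"{s} (IPv{fam})" for s, fam in vantages)
        lines.append(f"{', '.join(sorted(answer)) or 'NO RECORDS'} <- {where}")
    return lines

if __name__ == "__main__":
    for line in report(SAMPLE):  # offline: replay the thread's answers
        print(line)
    # Live check (needs dig and network access):
    # servers = ["ns-a1.cloud.z.com", "ns-a3.cloud.z.com", "ns-a4.cloud.z.com"]
    # print(report(collect("www.pantook.com", "A", servers)))
```

An empty report means every server gave the same answer over both families; run it for both the `NS` and the `A`/`AAAA` record types before retrying the certificate request.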
Thanks everyone, now I have solved the problem.
3 Likes
rg305
September 24, 2023, 2:11am
11
It would be nice to close the topic with an explanation of the solution.
3 Likes
system
Closed
October 24, 2023, 2:11am
12
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.