My domain is: seirdy.one, www.seirdy.one, staging.seirdy.one, libravatar.seirdy.one
I recently added a new subdomain:
dig, I have verified that it has the correct
AA records; I am even able to make successful unencrypted HTTP requests to it from a client that doesn't support HSTS headers.
Next, I tried to expand my LE cert to include it with
certbot. The TTL was set to half an hour, but my issues persist well after that duration.
I ran this command:
sudo certbot certonly --domain seirdy.one --domain www.seirdy.one --domain staging.seirdy.one --domain libravatar.seridy.one --key-type ecdsa --dry-run
It produced this output:
Simulating renewal of an existing certificate for seirdy.one and 3 more domains Performing the following challenges: http-01 challenge for libravatar.seridy.one http-01 challenge for seirdy.one http-01 challenge for staging.seirdy.one http-01 challenge for www.seirdy.one Using default addresses 80 and [::]:80 ipv6only=on for authentication. Waiting for verification... Challenge failed for domain libravatar.seridy.one http-01 challenge for libravatar.seridy.one Cleaning up challenges Some challenges have failed. IMPORTANT NOTES: - The following errors were reported by the server: Domain: libravatar.seridy.one Type: dns Detail: DNS problem: NXDOMAIN looking up A for libravatar.seridy.one - check that a DNS record exists for this domain
My web server is: Nginx 1.19.10
The operating system my web server runs on is: Fedora 33 (Cloud Edition)
My hosting provider, if applicable, is: Digitalocean
I can login to a root shell on my machine: Yes
I'm using a control panel to manage my site: No
The version of my client is: certbot 1.14.0