My domain is: seirdy.one, www.seirdy.one, staging.seirdy.one, libravatar.seirdy.one
I recently added a new subdomain: libravatar.seirdy.one. With dig, I have verified that it has the correct A and AA records; I am even able to make successful unencrypted HTTP requests to it from a client that doesn't support HSTS headers.
Next, I tried to expand my LE cert to include it with certbot. The TTL was set to half an hour, but my issues persist well after that duration.
I ran this command: sudo certbot certonly --domain seirdy.one --domain www.seirdy.one --domain staging.seirdy.one --domain libravatar.seridy.one --key-type ecdsa --dry-run
It produced this output:
Simulating renewal of an existing certificate for seirdy.one and 3 more domains
Performing the following challenges:
http-01 challenge for libravatar.seridy.one
http-01 challenge for seirdy.one
http-01 challenge for staging.seirdy.one
http-01 challenge for www.seirdy.one
Using default addresses 80 and [::]:80 ipv6only=on for authentication.
Waiting for verification...
Challenge failed for domain libravatar.seridy.one
http-01 challenge for libravatar.seridy.one
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: libravatar.seridy.one
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for
libravatar.seridy.one - check that a DNS record exists for this
domain
My web server is: Nginx 1.19.10
The operating system my web server runs on is: Fedora 33 (Cloud Edition)
My hosting provider, if applicable, is: Digitalocean
I can login to a root shell on my machine: Yes
I'm using a control panel to manage my site: No
The version of my client is: certbot 1.14.0
Thanks!
