Certbot fails with DNS problem

Guys, I have the trouble: user1@pythiadisco:~$ sudo certbot --nginx -d pythiadisco.ru -d www.pythiadisco.ru

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Requesting a certificate for pythiadisco.ru and www.pythiadisco.ru

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:

Domain: www.pythiadisco.ru

Type: dns

Detail: DNS problem: query timed out looking up A for www.pythiadisco.ru; DNS problem: query timed out looking up AAAA for www.pythiadisco.ru

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.

Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

user1@pythiadisco:~$ can you help me pls?

I moved your post into its own thread. We like each problem to have its own.

Had you posted in Help section to start you would have been shown the form below. Please answer as much as you can.

That said, the error message seems pretty clear. Let's Encrypt could not get an A and/or AAAA record in your DNS for your www subdomain name. At least one is required for an HTTP Challenge which the --nginx option uses.

Your apex domain is fine. It is just the www subdomain that fails. You could just add the missing A record to match your apex domain.

Normally when a record is missing your DNS server should reply NXDOMAIN. For some reason yours issues a SERVFAIL. So, that's something you should fix in your DNS config too. See, for example: www.pythiadisco.ru | DNSViz

You can also test your DNS with https://unboundtest.com

==========================================================

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

I got my certificate, thank for help it was fast and jut so helpful!