Certbot gives dns error -- can't find A record


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: rtitek.com, www.rtitek.com

I ran this command: certbot --apache -d rtitek.com -d www.rtitek.com

It produced this output:
domain: rtitek.com
type: None
detail: DNS Problem: query timed out looking up A for rtitek.com (the same message for www.rtitek.com.)

My web server is (include version): apache 2.4.18

The operating system my web server runs on is (include version): ubuntu 16.04.4

My hosting provider, if applicable, is: running on dedicated server

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


#2
rtitek.com.             172800  IN      NS      ns2.hostulator.com.

ns2.hostulator.com doesn’t exist. It looks like you made a typographical error when entering your nameservers at your domain registrar. You probably meant dns2.hostulator.com.


#3

Hi, thanks for the reply, I’ve been away for a few days and am just now seeing this. At my domain provider, I have dns1.hostulator.com, and dns2.hostulator.com for rtitek.com set.

I just looked at my bind9 zone file for rtitek.com, and the NS records are set properly to dns1/dns2 accordingly. What DNS server are you using? I am wondering if the server you nslookup’ed against wasn’t propagated yet. Do you still get the same results today? Thank you so much for your help.


#4

The TLD still says:

hostulator.com.         172800  IN      NS      ns2.hostulator.com.
hostulator.com.         172800  IN      NS      dns1.hostulator.com.

rtitek.com.             172800  IN      NS      ns2.hostulator.com.
rtitek.com.             172800  IN      NS      dns1.hostulator.com.

Unless you changed it within the last few minutes, those are the current nameservers.
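
The check behind posts #2 and #4, as an added example that is not part of the original thread: it compares the NS set the parent zone delegates with the set the zone owner intends, and flags delegated names that do not resolve. The function names and the `resolves` hook are hypothetical; the record lines are copied from the post above as sample input.

```python
import socket

# Sample input: the parent-zone (TLD) NS records quoted in post #4 above.
PARENT_NS = """\
rtitek.com.             172800  IN      NS      ns2.hostulator.com.
rtitek.com.             172800  IN      NS      dns1.hostulator.com.
"""

def parse_ns(text, zone):
    """Return the set of NS targets for `zone` from dig-style answer lines."""
    zone = zone.rstrip(".").lower()
    targets = set()
    for line in text.splitlines():
        fields = line.split()  # owner, TTL, class, type, rdata
        if len(fields) != 5 or fields[2].upper() != "IN" or fields[3].upper() != "NS":
            continue
        if fields[0].rstrip(".").lower() == zone:
            targets.add(fields[4].rstrip(".").lower())
    return targets

def system_resolves(host):
    """True if the local resolver returns any address for `host`."""
    try:
        return bool(socket.getaddrinfo(host, 53))
    except socket.gaierror:
        return False

def check_delegation(parent_text, zone, intended, resolves=system_resolves):
    """Compare the parent's delegation with the NS set the zone owner intends."""
    delegated = parse_ns(parent_text, zone)
    intended = {h.rstrip(".").lower() for h in intended}
    return {
        # Delegated at the registrar but absent from the zone's own NS set.
        "unexpected": sorted(delegated - intended),
        # In the zone's NS set but never delegated by the parent.
        "missing": sorted(intended - delegated),
        # Delegated names with no address: validators time out on these.
        "unresolvable": sorted(h for h in delegated if not resolves(h)),
    }

if __name__ == "__main__":
    # Intended set as stated by the zone owner in post #3 (an assumption here).
    report = check_delegation(PARENT_NS, "rtitek.com",
                              ["dns1.hostulator.com", "dns2.hostulator.com"])
    for key, hosts in report.items():
        print(f"{key}: {', '.join(hosts) or '-'}")
```

Run directly, it uses the system resolver; pass a different `resolves` callable to check against a specific resolver or to test offline.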


#5

Hi again… OK. I’ve figured out my domain issues with my domain controller namecheap.com. whois.domaintools.com now shows rtitek.com with dns1/dns2.hostulator.com as its DNS servers. I am getting a new error from certbot:

(admin@gandolf:pts/0)-<~> # certbot --apache -d rtitek.com -d www.rtitek.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for rtitek.com
http-01 challenge for www.rtitek.com
Enabled Apache rewrite module
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.rtitek.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.rtitek.com/.well-known/acme-challenge/QYmc0LZFR_WErv1CVFjNAud6epo5EzKQpEww5KjG8wQ: Timeout during connect (likely firewall problem), rtitek.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://rtitek.com/.well-known/acme-challenge/FZ2XG4emPqdd9W0ftlJLD8Lydp4nFz3Iv9rw7CRKZtk: Timeout during connect (likely firewall problem)

IMPORTANT NOTES:

Any help would be greatly appreciated. Thank you.


#6

Are you sure your webserver is accessible from the internet on port 80?


#7

I can access http://rtitek.com/. Maybe there’s a routing issue and Let’s Encrypt really can’t?

That would also help explain the DNS errors – the web server is also one of the DNS servers.


#8

Yes. It’s working fine. If you go to www.rtitek.com it takes you to a placeholder page for my domain. On my server.

Best,

