Challenges have failed: No valid A record

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: certbot --apache

It produced this output: Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Type: dns
Detail: no valid A records found for; no valid AAAA records found for

Type: dns
Detail: DNS problem: NXDOMAIN looking up A for - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for - check that a DNS record exists for this domain

My web server is (include version): Apache/2.4.52

The operating system my web server runs on is (include version): Ubuntu 22.02

My hosting provider, if applicable, is: squarespace

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0

The Squarespace DNS records in question HAVE been set up, for the record. An A record pointing to the server (hosted by DigitalOcean) and a CNAME record with the www subdomain pointed to the A record. Any suggestions would be greatly appreciated.

Edit: Thank you to the few people who've commented. What I've come to understand is that the DNS records were not set up properly.

Hi @cmodrak, and welcome to the LE community forum :slight_smile:

How have you confirmed this?
Where were those changes made?


No, they haven't. I mean, maybe you've set them up in your control panel, but they don't exist on the public Internet:

╰─ dig                                                                                     ─╯

; <<>> DiG 9.10.6 <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47218
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 1232
;		IN	A

;; AUTHORITY SECTION:
	3600	IN	SOA 1697035991 43200 7200 1209600 3600

;; Query time: 209 msec
;; WHEN: Fri Dec 22 14:37:20 EST 2023
;; MSG SIZE  rcvd: 113

This begs a question of how long these things take to set once they've been introduced in the control panel. I set this up 2 days ago, and in my experiences with Google domains in the past the records exist in the broader internet nearly instantly.

nameserver =
nameserver =
nameserver =
nameserver =
nameserver =
nameserver =
nameserver =
nameserver =

Are both expected?
It sounds like you intended to replace one with the other and ended up with both "in charge".

EDIT: I take that back.
It seems both are agreed:



There is no IP returned for that name by both DSPs.


DNSViz agrees: no A RRs for the apex domain nor the www subdomain:


The address shown in that first nslookup is accurate to the default DNS settings all Squarespace domains start with, but those have already been deleted. This tells me the DNS settings have not yet been updated. The second nslookup is more confusing, as it's not the IP address I set the Data field to in the DNS settings nor do I see anything like it in the defaults. This is part of the issue, I would imagine.

This seems a bit interesting


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
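
An added example, not posted by anyone in this thread: a shell pre-flight check that reads `dig` output the way the replies above do, telling apart NXDOMAIN, NOERROR with no address record (including a www CNAME that leads to no address), and a real answer, by asking the zone's authoritative nameservers directly. The function names and the optional zone argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. classify_dig reads full `dig` output on stdin and prints:
#   NXDOMAIN - the name does not exist
#   NODATA   - NOERROR, but no A/AAAA record in the answer (a CNAME that
#              leads to no address also lands here)
#   ANSWER   - at least one A or AAAA record was returned
#   ERROR    - anything else (SERVFAIL, REFUSED, no header seen)
classify_dig() {
    awk '
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^$/                  { in_answer = 0 }
        in_answer && $3 == "IN" && ($4 == "A" || $4 == "AAAA") { addrs++ }
        END {
            if (status == "NXDOMAIN")     print "NXDOMAIN"
            else if (status != "NOERROR") print "ERROR"
            else if (addrs > 0)           print "ANSWER"
            else                          print "NODATA"
        }'
}

# preflight NAME [ZONE]: query each authoritative nameserver of ZONE directly
# (ZONE defaults to NAME; pass the apex when NAME is a subdomain such as www).
# Returns 0 only if every nameserver serves an A or AAAA record for NAME.
preflight() {
    name=$1 zone=${2:-$1} rc=0 seen=0
    for ns in $(dig +short NS "$zone"); do
        seen=1 ns_ok=0
        for type in A AAAA; do
            result=$(dig +norecurse "@$ns" "$name" "$type" | classify_dig)
            printf '%s %s @%s: %s\n' "$name" "$type" "$ns" "$result"
            if [ "$result" = "ANSWER" ]; then ns_ok=1; fi
        done
        if [ "$ns_ok" -eq 0 ]; then rc=1; fi
    done
    if [ "$seen" -eq 0 ]; then echo "no NS records found for $zone"; rc=1; fi
    return "$rc"
}

# Run only when a name is given, e.g.: sh preflight.sh www.example.com example.com
if [ "$#" -gt 0 ]; then preflight "$@"; fi
```

A non-zero exit from `preflight` means at least one authoritative server has no address for the name, so a run of `certbot --apache` at that point would be expected to fail the same way.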