Challenges have failed: No valid A record

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: evoconsolutions.com

I ran this command: certbot --apache

It produced this output: Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: evoconsolutions.com
Type: dns
Detail: no valid A records found for evoconsolutions.com; no valid AAAA records found for evoconsolutions.com

Domain: www.evoconsolutions.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for www.evoconsolutions.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.evoconsolutions.com - check that a DNS record exists for this domain

My web server is (include version): Apache/2.4.52

The operating system my web server runs on is (include version): Ubuntu 22.02

My hosting provider, if applicable, is: squarespace

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0

The squarespace DNS records in question HAVE been set up, for the record. An A record pointing to the server (hosted by DigitalOcean) and a CNAME record with the www subdomain pointed to the A record. Any suggestions would be greatly appreciated.

Edit: Thank you to the few people who've commented. What I've come to understand is that the DNS records were not set up properly.

Hi @cmodrak, and welcome to the LE community forum :slight_smile:

How have you confirmed this?
Where were those changes made?

2 Likes

No, they haven't. I mean, maybe you've set them up in your control panel, but they don't exist on the public Internet:

╰─ dig evoconsolutions.com

; <<>> DiG 9.10.6 <<>> evoconsolutions.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47218
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;evoconsolutions.com.		IN	A

;; AUTHORITY SECTION:
evoconsolutions.com.	3600	IN	SOA	dns1.p01.nsone.net. hostmaster.nsone.net. 1697035991 43200 7200 1209600 3600

;; Query time: 209 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Dec 22 14:37:20 EST 2023
;; MSG SIZE  rcvd: 113
5 Likes
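
The two CA errors in the opening post differ in the same way as the `status:` field and answer count of a `dig` response like the one above. The following is an added example, not part of any post in this thread; the function name `classify_dig`, the `sample_*` helpers, `example.test` and `192.0.2.10` are constructed for illustration.

```shell
#!/usr/bin/env bash
# Classify a saved `dig` response. All sample responses below are constructed.
#   NXDOMAIN -> the name does not exist in the zone
#   NODATA   -> the name exists (status NOERROR) but has no A/AAAA answer
#   OK <ips> -> the answer section carries address records
classify_dig() {
  awk '
    /->>HEADER<<-/ && match($0, /status: [A-Z]+/) {
      status = substr($0, RSTART + 8, RLENGTH - 8)
    }
    /^;; ANSWER SECTION:/ { in_answer = 1; next }
    /^;; / || /^$/        { in_answer = 0 }
    in_answer && ($4 == "A" || $4 == "AAAA") {
      addrs = addrs (addrs == "" ? "" : ",") $5
    }
    END {
      if (status == "NXDOMAIN")     print "NXDOMAIN"
      else if (status != "NOERROR") print "ERROR " (status == "" ? "unparsed" : status)
      else if (addrs == "")         print "NODATA"
      else                          print "OK " addrs
    }'
}
sample_nodata() {   # like the apex here: NOERROR with an empty answer section
  cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1001
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; AUTHORITY SECTION:
example.test. 3600 IN SOA ns1.example.test. hostmaster.example.test. 1 43200 7200 1209600 3600
EOF
}
sample_nxdomain() { # like the www name here: the name itself is missing
  cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1002
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
EOF
}
sample_ok() {       # an address record is published
  cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1003
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
example.test. 300 IN A 192.0.2.10
EOF
}
for s in sample_nodata sample_nxdomain sample_ok; do
  printf '%s: %s\n' "$s" "$("$s" | classify_dig)"
done
```

To check a real zone, pipe a live query into the function, for example `dig @<authoritative-ns> <name> A | classify_dig`, once per nameserver listed for the domain.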

This begs the question of how long these things take to set once they've been introduced in the control panel. I set this up 2 days ago, and in my experience with Google Domains in the past the records exist in the broader internet nearly instantly.

evoconsolutions.com     nameserver = dns1.p06.nsone.net
evoconsolutions.com     nameserver = dns2.p06.nsone.net
evoconsolutions.com     nameserver = dns3.p06.nsone.net
evoconsolutions.com     nameserver = dns4.p06.nsone.net
evoconsolutions.com     nameserver = ns01.squarespacedns.com
evoconsolutions.com     nameserver = ns02.squarespacedns.com
evoconsolutions.com     nameserver = ns03.squarespacedns.com
evoconsolutions.com     nameserver = ns04.squarespacedns.com

Are both expected?
It sounds like you intended to replace one with the other and ended up with both "in charge".

EDIT: I take that back.
It seems both are agreed:

nslookup evoconsolutions.com dns1.p06.nsone.net
Server:  dns1.p06.nsone.net
Address:  198.51.44.6
Name:    evoconsolutions.com

nslookup evoconsolutions.com ns01.squarespacedns.com
Server:  ns01.squarespacedns.com
Address:  45.54.22.1
Name:    evoconsolutions.com

There is no IP returned for that name by both DSPs.

2 Likes

DNSViz agrees: no A RRs for the apex domain nor the www subdomain:

https://dnsviz.net/d/evoconsolutions.com/dnssec/?rr=1&rr=28&a=all&ds=all&ta=.&tk=

https://dnsviz.net/d/www.evoconsolutions.com/dnssec/

3 Likes

The address shown in that first nslookup is accurate to the default DNS settings all squarespace domains start with, but those have already been deleted. This tells me the DNS settings have not yet been updated. The second nslookup is more confusing, as it's not the IP address I set the Data field to in the DNS settings, nor do I see anything like it in the defaults. This is part of the issue, I would imagine.

This seems a bit interesting

1 Like
