Could Not find A record

My domain is:
I ran this command:
sudo certbot --nginx -d -d

It produced this output:
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Type: dns
Detail: DNS problem: SERVFAIL looking up A for - the domain's nameservers may be malfunctioning; DNS problem: SERVFAIL looking up AAAA for - the domain's nameservers may be malfunctioning
My web server is (include version):
nginx version: nginx/1.24.0 (Ubuntu)
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
istributor ID: Ubuntu
Description: Ubuntu 23.10
Release: 23.10
Codename: mantic
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 2.1.0

Certbot cannot find A record for - the error message informs me. I use Digital Ocean as a hoster.

There is something that caught my attention. In the digital Ocean control panel I can create an A record for but not for - input validation does not allow me to do so. I cannot understand why.

And I do not know if what I am describing above is the cause of the issue.
So you could say this is a DO problem, I am posting here first just to make sure is not sth else.


It's not DO.

It's your nameservers. Did you update them in the gr. zone? (From your registrar's interface)


I do not quite understand what are you trying to say.
In my domain registrar I have only entered the nameservers of DO...nothing else.

are you implying to do sth like that?


Whatever nameservers are authoritative for your domain need to respond with an A record, pointing to the appropriate IP address. Right now, it doesn't look like you have any authoritative nameservers for your domain--you need to fix that, likely with whoever you bought the domain from:

─ dig ns                                                                                               ─╯

; <<>> DiG 9.10.6 <<>> ns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 19705
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 1232
;				IN	NS

;; Query time: 1284 msec
;; WHEN: Thu Dec 07 08:20:46 EST 2023
;; MSG SIZE  rcvd: 35

I know I do not have A record for am just trying to find out the reason. DO does not let me create A record for can only create A record for

That's important, and you need to figure out how to fix it, but it's less important than the fact that you don't have NS records. NS records tell the Internet what nameservers it should use to resolve your domain, and there are no such records. Without them, you can do whatever you want on DO, and it won't have any effect.


Can't you input as the entry for the A record? Notice the single dot at the end.


See for yourself....see what happens.
input becomes

And a @?

(Weird by the way, where does the www suddenly come from? Doesn't make sense..)


I do have NS

If iI didn't would be inacessible.

Weird. Why do all those domains have www in front of it? Even the CAA RR? That's very weird.

Is your entire DNS zone perhaps for (Which would be weird.)

If I request the SOA RR for on it says REFUSED. But when I search for the SOA RR for, it answers with a SOA RR.

Why do you have your SOA RR set for the www subdomain and not


Typing @ just prints the entire

Yeah, your DNS zone is misconfigured. I have no clue how that works with DigitalOcean, but for some reason you only have access to the DNS zone for and DigitalOcean thinks the DNS zone for does not exist. At least not on their DNS servers.

You want a DNS zone for where you can add things for and also the subdomain www.


Sorry...I cannot follow you....if you could elaborate a little.

1 Like

How am I suppose to do that?...I have no idea at all.

DNS is separated in "zones". For simple setups you've got the root zone ., the TLD zone (gr.) and the zone for the domain name ( Each have their own SOA RR. Within a zone you can have multiple subdomains. For TLDs this would be new/other zones with their own SOA RR, but for a simple domain such as, that zone would just have some subdomains like www with a A or perhaps a CAA RR for the zone origin itself (e.g.

For some reason, DigitalOcean does not think the domain is a DNS zone on their DNS servers. It seems you can only change things within the DNS zone which usually is not even a complete DNS zone, but just a single A RR or sometimes perhaps an extra AAAA RR. Not a complete DNS zone with SOA RR and NS RRs.

I don't know either. :man_shrugging:t2: I don't have any experience with DigitalOcean, I have no clue how their configuration system looks like, which options you have. Or not have. You might need to contact Digital Ocean about this.

Looking at

Did you perhaps enter when you added your domain to the Digital Ocean domains in your control panel? Instead of just


At the time I posted, you didn't have NS records for Now you do. Good. And in fact you now have an A record for too. All steps in the right direction.


I solved it after all....I just added as a 2nd domain - with the corresponding DNS records....I got the certificate.

If it's a "second domain", you really didn't solve it; things are still badly misconfigured. should be the only domain; is a subdomain. It shouldn't have its own NS records (it does).


You probably want to remove the "domain" and place the www subdomains A RR under the DNS zone (or "domain" in the Digital Oceans control panel).