DNS error installing Let's Encrypt on Debian 12

My web server is (include version): apache

The operating system my web server runs on is (include version): debian 12

The problem is:
sudo certbot --apache -d colombe.lnet.ma -d www.colombe.lnet.ma
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for colombe.lnet.ma and www.colombe.lnet.ma

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: colombe.lnet.ma
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for colombe.lnet.ma - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for colombe.lnet.ma - check that a DNS record exists for this domain

Domain: www.colombe.lnet.ma
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for www.colombe.lnet.ma - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.colombe.lnet.ma - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Please help me

These hostnames do not exist in the DNS:

https://dnsviz.net/d/www.colombe.lnet.ma/ZnVHew/dnssec/

To have the http-01 challenge, which is used by the --apache plugin, work, the hostnames need to have an A or AAAA RR associated with them, so the Let's Encrypt validation server can connect to the server to validate the hostname(s).

1 Like

nslookup

My DNS works fine, or am I mistaken?

You're querying your local DNS server. What does a dig +trace www.colombe.lnet.ma say?

1 Like

It looks like this:

root@ip180:~# dig +trace www.colombe.lnet.ma

; <<>> DiG 9.18.24-1-Debian <<>> +trace www.colombe.lnet.ma
;; global options: +cmd
. 506779 IN NS g.root-servers.net.
. 506779 IN NS b.root-servers.net.
. 506779 IN NS k.root-servers.net.
. 506779 IN NS f.root-servers.net.
. 506779 IN NS c.root-servers.net.
. 506779 IN NS j.root-servers.net.
. 506779 IN NS e.root-servers.net.
. 506779 IN NS h.root-servers.net.
. 506779 IN NS a.root-servers.net.
. 506779 IN NS d.root-servers.net.
. 506779 IN NS i.root-servers.net.
. 506779 IN NS l.root-servers.net.
. 506779 IN NS m.root-servers.net.
. 506779 IN RRSIG NS 8 0 518400 20240704050000 20240621040000 5613 . gayBX+cGqaoeSHZ8Ei+6WoUf/sC87H0xuagwfTSpz+xruYm/Xrt9QTN5 RX+Cu6Uu1iMxCQwLOJwYlcaEmym0blQUHl+o5mt5zYk3trVa/By+X4S0 HAnAs5VvNaMK3ah3Npg+UhgL1oudA704a1noIEYkj07wkY0njb+/jpnc xcn6jswNDfQQxF9Sr8qmXhtjXg7quBQIgrsN4BJ0jdWrXViAeQJKYfVf dLeq2jx3fb5gwYFhLvkcpNDz71HdD93njJL+XaEfkrjma+amhOcAjvOr Cb8Z/ykrqjjTv9IAXOEgpDPtIrTuujmgCJY7Mvq04l/Bi8q+3+1ur+/K 1Ny8sg==
;; Received 1137 bytes from 141.95.228.180#53(141.95.228.180) in 0 ms

ma. 172800 IN NS a.tld.ma.
ma. 172800 IN NS dns.inria.fr.
ma. 172800 IN NS b.tld.ma.
ma. 172800 IN NS e.tld.ma.
ma. 172800 IN NS d.tld.ma.
ma. 172800 IN NS c.tld.ma.
ma. 172800 IN NS f.tld.ma.
ma. 172800 IN NS ns-ma.nic.fr.
ma. 86400 IN DS 41102 8 2 EC91608875E8628E96FB65403D828E0782103EE815FD7E0B67ECCCAB 4B44EF56
ma. 86400 IN RRSIG DS 8 1 86400 20240704050000 20240621040000 5613 . awlQa8m2orXa2fTTifWRJRJzK7gKemehnw3JJ8CZM8raoy2BQbuPZZv6 39IOKYC/VZJl1F3jVRvAv+vwlwXNTzl42WRBTpxCcr67GI3I3JewqYKJ sTU5fVheyd+GqwWqRQAH+XBjnSqmMaQbaDd2unlzSANuHiDJPIAVx10p oIMn55UQNbavDh9K5UFIzCTUJLvoUyDZBhy5A+uV0IPRFgDWCnb+bRdP f8TwctmYxL7nQwZV+4fsJymhypeImcjv8xBu3ha5K+ShuXmikJS4y2zf /0ak/+9kerTIi//qui6ImtkUmUfELVYYbtEMZtGc4ychGXFj9sqJ7T48 PXZR2g==
;; Received 927 bytes from 192.36.148.17#53(i.root-servers.net) in 3 ms

lnet.ma. 108000 IN NS ns1.geniousdns.com.
lnet.ma. 108000 IN NS ns4.geniousdns.com.
lnet.ma. 108000 IN NS ns3.geniousdns.com.
lnet.ma. 108000 IN NS ns2.geniousdns.com.
TULFFRP5KGNCHLUJM5F2H7NMDVQG98K1.ma. 1800 IN NSEC3 1 0 10 6953DD4F22C2CAA4 TULG2QAUM3TJ6IN9K8TK2EEKC1EDNTKV NS
TULFFRP5KGNCHLUJM5F2H7NMDVQG98K1.ma. 1800 IN RRSIG NSEC3 8 2 1800 20240721074819 20240621065300 1371 ma. UHH3yGUWaCdBHSXCutwf5YWETFjbhbjxhhixtMB1ITJ+UdSsHBOcc6lN n9bvmaBI2VPN+1tuB1HOXwPXLxuFvg8hLNuKsoVqOQOF1mX/r0V3nLAr SCLe+ofsf1wq8Qa0zrijRk5XX2GMjOK++JhKZ/7IWs6ed9Hb3w3cEAsz 1O4=
;; Received 413 bytes from 41.214.240.4#53(f.tld.ma) in 39 ms

lnet.ma. 1200 IN SOA ns1.geniousdns.com. hostmaster.genious.net. 2024050401 7200 900 1209600 1200
;; Received 124 bytes from 51.77.210.131#53(ns3.geniousdns.com) in 11 ms

As you can see from the trace, lnet.ma is hosted by those ns1-4.geniousdns.com and there's no further delegation to colombe.lnet.ma or beyond from them.

lnet.ma appears to be some sort of hosting provider. Is colombe a subdomain you set up with them? Was there a step you might have missed to delegate that sub-domain to your 141.95.228.180 nameserver?

5 Likes
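
Added example, not part of the original replies: a small Python parser for `dig +trace` output that reports where the referral chain stops and whether the final response carries an address the http-01 validator could connect to. `TRACE` is abridged from the output posted above; the function name and result keys are hypothetical.

```python
import re

# Abridged from the dig +trace output posted above (RRSIG/NSEC3/DS lines dropped).
TRACE = """\
. 506779 IN NS a.root-servers.net.
;; Received 1137 bytes from 141.95.228.180#53(141.95.228.180) in 0 ms

ma. 172800 IN NS a.tld.ma.
;; Received 927 bytes from 192.36.148.17#53(i.root-servers.net) in 3 ms

lnet.ma. 108000 IN NS ns1.geniousdns.com.
lnet.ma. 108000 IN NS ns2.geniousdns.com.
;; Received 413 bytes from 41.214.240.4#53(f.tld.ma) in 39 ms

lnet.ma. 1200 IN SOA ns1.geniousdns.com. hostmaster.genious.net. 2024050401 7200 900 1209600 1200
;; Received 124 bytes from 51.77.210.131#53(ns3.geniousdns.com) in 11 ms
"""

RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+(.*)$")        # name ttl IN type rdata
FROM = re.compile(r"^;; Received \d+ bytes from \S+\((\S+)\)")  # responding server

def analyze_trace(text, qname):
    """Walk a dig +trace transcript and report where the referral chain ends."""
    qname = qname.rstrip(".").lower() + "."
    steps, records = [], []
    for line in map(str.strip, text.splitlines()):
        m = FROM.match(line)
        if m:                                  # end of one server's response
            steps.append((m.group(1), records))
            records = []
            continue
        m = RR.match(line)
        if m:
            records.append((m.group(1).lower(), m.group(2), m.group(3)))
    if not steps:
        raise ValueError("no ';; Received' lines found; is this dig +trace output?")
    # Zones that were delegated along the way, in order, de-duplicated.
    zones = list(dict.fromkeys(n for _, recs in steps for n, t, _ in recs if t == "NS"))
    server, last = steps[-1]
    addrs = [r for n, t, r in last if n == qname and t in ("A", "AAAA")]
    soa = [n for n, t, _ in last if t == "SOA"]
    return {
        "delegations": zones,
        "answered_by": server,
        "addresses": addrs,
        # An SOA in the final response is a negative answer from that zone.
        "negative_from_zone": soa[0] if soa and not addrs else None,
        "http01_can_reach": bool(addrs),
    }
```

For the trace above, the result shows delegations ending at `lnet.ma.` and a negative answer from that zone, which matches the NXDOMAIN the Certificate Authority reported.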

No, I don't think so. I've set up the DNS properly.

Where exactly?

2 Likes
