DNS issue while adding cert


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:chat.algorthmiz.net

I ran this command: /usr/local/bin/certbot-auto certonly --standalone -d chat.algorithmz.net --preferred-challenges http --agree-tos -n -m root@algorithmz.net --keep-until-expiring

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for chat.algorithmz.net
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. chat.algorithmz.net (http-01): urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up A for chat.algorithmz.net

IMPORTANT NOTES:

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
    sys.exit(main())
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 1364, in main
    return config.func(config, plugins)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 1254, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 120, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py", line 391, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py", line 334, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py", line 370, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 82, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 155, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 226, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. chat.algorithmz.net (http-01): urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up A for chat.algorithmz.net


#2

Hi @ahmed.aly4

If you want to use the http-01 challenge, then there must be a web server: yours, or a new one created by certbot. But then a DNS record

chat.algorthmiz.net -> your IP address

is required.

There are two records

algorthmiz.net -> 13.81.117.217
www.algorthmiz.net -> 13.81.117.217

But nothing for chat.algorthmiz.net. If chat.algorthmiz.net should run on the same IP address, add a DNS record.


#3

You should fix this on a DNS provider or server level. Nothing we can do about or help with.


#4

So the DNS record exists.


#6

No, there is no dns record. That’s your question.

Look at

https://letsdebug.net/chat.algorithmz.net/3281

Looks like your DNS is misconfigured and sends wrong answers.


#8

I don’t use a web server, just Rocket.Chat.
So do I have to install and configure nginx?


#10

Please, can you check this?


#11

Please, can anybody help?
Here is the latest update: I fixed the DNS issue.
Dear all,
I have a Rocket.Chat server. I installed nginx to apply HTTPS,
and certbot too.
When I run
sudo certbot --nginx -d chat.algorithmz.net -d www.chat.algorithmz.net
I get this:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for chat.algorithmz.net
http-01 challenge for www.chat.algorithmz.net
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. chat.algorithmz.net (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://chat.algorithmz.net/.well-known/acme-challenge/oYbxdVFGT5jWV9wW97q8AZMdFvhr0JQl__RG7E5M3B4: "<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1" To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. ....................

#12

Is that a residential router?

Do you have port 80 forwarded to the machine running nginx, certbot and rocket chat?

From here it looks like it’s a Windows machine running Apache / XAMPP.

The CA will connect on port 80 to verify the challenge, so that port needs to go to the machine that can answer it (ie, the one running certbot).


#13

XAMPP is running on the machine.
How can I do it?


#14

Could you describe the entirety of your setup? Rather than us taking random guesses bit-by-bit, it would be easier to direct you if we understood how you actually had everything set up.


#15

This server is assigned to Rocket.Chat.

This is the main page if I don’t choose port 3000.
I installed nginx and configured it as below:

server {
    listen 80 default_server;
    server_name chat.algorithmz.net;

    location /.well-known/acme-challenge {
        root /var/www/letsencrypt;
    }
    # ...
}
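
A self-check for the situation discussed in #12 and #15, added here as an example (not code posted in the thread and not part of certbot): it drops a random file under the webroot named in the nginx config above and fetches it over port 80, to tell whether the request reaches that nginx or some other server. The function names and the probe file name are made up for illustration.

```python
import os
import secrets
import urllib.error
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"  # URL path prefix used by http-01

def write_probe(webroot):
    """Create a random probe file where the web server should serve challenges from."""
    name = "selftest-" + secrets.token_urlsafe(16)   # hypothetical file name
    body = secrets.token_urlsafe(32)
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write(body)
    return name, body, path

def fetch(host, name, timeout=10):
    """GET the probe over plain HTTP on port 80; returns (status, body, Server header)."""
    url = "http://%s/%s/%s" % (host, CHALLENGE_DIR, name)
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(4096).decode("utf-8", "replace"), resp.headers.get("Server", "")
    except urllib.error.HTTPError as err:            # 4xx/5xx still carry a body
        return err.code, err.read(4096).decode("utf-8", "replace"), err.headers.get("Server", "")
    except urllib.error.URLError as err:             # DNS failure, refused, timeout
        return 0, str(err.reason), ""

def diagnose(expected, status, body, server):
    """Separate the failure kinds seen in this thread: no answer vs. wrong answer."""
    if status == 0:
        return "unreachable: %s" % body
    if status == 200 and body.strip() == expected:
        return "ok"
    if body.lstrip().lower().startswith(("<?xml", "<!doctype", "<html")):
        return "wrong-server: %r returned a web page; port 80 is not reaching this webroot" % server
    return "mismatch: HTTP %d from %r" % (status, server)

def self_check(host, webroot):
    name, body, path = write_probe(webroot)
    try:
        return diagnose(body, *fetch(host, name))
    finally:
        os.remove(path)                              # leave no probe file behind

if __name__ == "__main__":
    import sys
    print(self_check(sys.argv[1], sys.argv[2]))      # e.g. chat.algorithmz.net /var/www/letsencrypt
```

Run it from a host outside the local network; a request made from behind the same router may not pass through the port forwarding that the CA's request depends on.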


#16

Can anyone help?
Maybe someone can have a TeamViewer session.


#17

I was more wondering about your network layout. Is this server at your home? How is your port forwarding configured?

  1. Which systems are involved? It seems that you have at least two - a Windows system running Apache and XAMPP, and a Linux system running nginx. Can you please clarify this?

  2. Can you describe your port forwarding configuration? Which of the servers described in (1) have port 80 forwarded to them from your router?

