DNS Problem/Error AWS Lightsail for Creating SSL Certificate

My domain is: ampsers.com

I ran this command:

sudo /opt/bitnami/bncert-tool

It produced this output:

Warning: The domain 'ampsers.com' resolves to a different IP address than the
one detected for this machine, which is ''. Please fix its DNS
entries or remove it. For more info see:
Press [Enter] to continue:

My web server is (include version): AWS Lightsail

The operating system my web server runs on is (include version): Linux Bitnami WordPress on AWS Lightsail

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Certbot 0.31.0

Previously I had another Lightsail instance on my AWS server on which I was able to generate a certificate using the command sudo certbot -d $DOMAIN -d $WILDCARD --manual --preferred-challenges dns certonly . I deleted that instance and created a new one and attached the previous static IP to the new one. But now even for this command it is giving some DNS problem error.

Hm, strange, if I resolve your hostname, I get the same IP address back as your warning says it really is.

What does host ampsers.com give as result when ran from your server?

By the way, there are a few warning and more important errors visible on ampsers.com | DNSViz , although I'm not sure if they are the cause of this. (Probably not, as UnboundTest can resolve your IP address nicely too: https://unboundtest.com/m/A/ampsers.com/AKWBQYJM )

host ampsers.com

ampsers.com has address
ampsers.com has IPv6 address 2406:da1a:9ab:e600:7a18:41f1:114d:d5d9
ampsers.com mail is handled by 10 inbound-smtp.us-east-1.amazonaws.com.

Well, that looks allright to me. Why would bncert-tool complain about it, if everything looks good? Weird.. Not sure what's going on, perhaps it'll work now somehow?

It's not working. (Tried 2 mins ago).

I'm trying to ignore/suppress the fact that I had deleted a Lightsail instance before and replaced that with a new one which I'm running now, by attaching it with the previous static IP. Is that a matter of concern?

Additional response to "perhaps it'll work now somehow?" - - I've been trying to make it work and have been saying that to myself for the past 48+ hours.. :sweat_smile: :laughing:

Other Method:

sudo certbot -d $DOMAIN -d $WILDCARD --manual --preferred-challenges dns certonly

The following is the error:

The TXT was successfully added. Network Tools: DNS,IP,Email (CHANGED NOW).


I just wanted to let you all/everybody know that this problem was rectified by adding the TXT record in the "Route 53" also. I followed the second method which I have posted in this thread.

Thanks all for your consideration!

Glad you've got yourself a certificate, but note that if you don't actually require a wildcard certificate (and thus require the dns-01 challenge), the preferred method is one that can be automated. Such as the http-01 challenge in stead of the dns-01 challenge.

Also, you say your DNS runs on Route53, right? Because there's also a Route53 DNS plugin which can be automated.


In regards to "Glad you've got yourself a certificate, but note that.." oh I see... I'll have to learn more about it..

"there's also a Route53 DNS plugin"..Oh I see..I'll find out about that!

Thanks for the information!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.