DNS problem looking up A for subdomains

Currently I have 1 domain and 2 sub-domains:

bestinslot.org www.bestinslot.org
forum.bestinslot.org
bless.bestinslot.org

bless.bestinslot.org:

server {
        listen 80;
        listen [::]:80;

        server_name bless.bestinslot.org;

        root /var/www/example.com;
        index index.html;

        location / {
                try_files $uri $uri/ =404;
        }
}

forum:
(I plan on using a reverse proxy for forum.bestinslot.org)

server {
        listen 80;
        server_name forum.bestinslot.org;
        return 301 https://forum.bestinslot.org$request_uri;
}
#server {
# listen 443 ssl spdy;
# server_name discourse.example.com;
# ssl_certificate /etc/letsencrypt/live/discourse.example.com/fullchain.$
# ssl_certificate_key /etc/letsencrypt/live/discourse.example.com/privke$
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

However when I try to use certbot I get the following error:

The following errors were reported by the server:

Domain: forum.bestinslot.org
Type: connection
Detail: DNS problem: SERVFAIL looking up A for forum.bestinslot.org

Domain: bless.bestinslot.org
Type: connection
Detail: DNS problem: SERVFAIL looking up A for bless.bestinslot.org

my A record for bestinslot is A 45.32.xx.xxx 300

What did I do wrong?

You have an A record for bestinslot.org, but not for forum.bestinslot.org (or bless, for that matter). You need a DNS record for each subdomain you want to exist.

oshit, you’re right. now I get this error tho

Domain: bless.bestinslot.org
   Type:   connection
   Detail: Connection refused

   Domain: forum.bestinslot.org
   Type:   connection
   Detail: Connection refused

What’s the command you’re using?

certbot --nginx -d

thought maybe it was my firewall, but I have 443 open… hmm.

Failed authorization procedure. bless.bestinslot.org (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Connection refused, forum.bestinslot.org (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Connection refused

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: bless.bestinslot.org
    Type: connection
    Detail: Connection refused

    Domain: forum.bestinslot.org
    Type: connection
    Detail: Connection refused

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

Is 45.32.66.179 the correct IP address for both of those domains to resolve to?

For what it’s worth I’m also seeing connection refused from my network perspective:

$ openssl s_client -connect forum.bestinslot.org:443 </dev/null
connect: Connection refused
connect:errno=111
$ openssl s_client -connect bless.bestinslot.org:443 </dev/null
connect: Connection refused
connect:errno=111
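
A preflight check for the two failures seen in this thread (no A record for a subdomain, then connection refused on port 443), as an added example that is not part of the original posts. The function names and the injectable `resolve`/`connect` hooks are assumptions made for illustration; it uses the local resolver, so its DNS result can differ from what the CA's resolver sees.

```python
import socket
import sys


def _resolve_a(name):
    """Return the IPv4 addresses the local resolver gives for name."""
    infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def _tcp_connect(addr, port, timeout):
    """Open and immediately close a TCP connection; raises OSError on failure."""
    with socket.create_connection((addr, port), timeout=timeout):
        pass


def check_domain(name, port=443, resolve=None, connect=None, timeout=5.0):
    """Classify one hostname as 'dns', 'refused', 'unreachable' or 'ok'.

    resolve/connect are hypothetical hooks so the logic can be exercised
    without network access; by default the real socket calls are used.
    """
    resolve = resolve or _resolve_a
    connect = connect or _tcp_connect
    try:
        addrs = resolve(name)
    except socket.gaierror as exc:
        return "dns", f"no A record found for {name}: {exc}"
    if not addrs:
        return "dns", f"no A record found for {name}"
    addr = addrs[0]
    try:
        connect(addr, port, timeout)
    except ConnectionRefusedError:
        # Name resolves, but nothing is listening (or a firewall rejects).
        return "refused", f"{addr}:{port} refused the connection"
    except OSError as exc:
        return "unreachable", f"{addr}:{port}: {exc}"
    return "ok", f"{addr}:{port} accepts connections"


def preflight(names, **kwargs):
    """Check every name that will be passed to certbot with -d."""
    return {name: check_domain(name, **kwargs) for name in names}


if __name__ == "__main__":
    results = preflight(sys.argv[1:])
    for name, (status, detail) in results.items():
        print(f"{name}: {status}: {detail}")
    sys.exit(0 if all(s == "ok" for s, _ in results.values()) else 1)
```

Run it from a host outside the server's network, as with the `openssl s_client` check above, so that a firewall in front of the server shows up as `refused` or `unreachable`.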

figured it out, thanks for the help.

What was the solution? It would be great to capture that in this thread in case anyone else finds their way here.

It was an issue with bless.bestinslot.org, so just a server block config problem. I just excluded it since there really isn’t a site there to begin with and I’ll go back and include it later.

Nice! Just make sure those pesky config files are set up right, lol.
