DNS problem looking up A for subdomains

helixion · December 13, 2017, 5:07pm

Currently I have 1 domain and 2 sub-domains:

bestinslot.org www.bestinslot.org
forum.bestinslot.org
bless.bestinslot.org

bless.bestinslot.org:

server {
listen 80;
listen [::]:80;

        server_name bless.bestinslot.org;

        root /var/www/example.com;
        index index.html;

        location / {
                try_files $uri $uri/ =404;
        }
}

forum:
(I plan on using a reverse proxy for the forum.bestinslot.org

server {
listen 80;
server_name forum.bestinslot.org;
return 301 https://forum.bestinslot.org$request_uri;
}
#server {
# listen 443 ssl spdy;
# server_name discourse.example.com;
# ssl_certificate /etc/letsencrypt/live/discourse.example.com/fullchain.$
# ssl_certificate_key /etc/letsencrypt/live/discourse.example.com/privke$
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

However when I try to use certbot I get the following error:

The following errors were reported by the server:

Domain: forum.bestinslot.org
Type: connection
Detail: DNS problem: SERVFAIL looking up A for forum.bestinslot.org

Domain: bless.bestinslot.org
Type: connection
Detail: DNS problem: SERVFAIL looking up A for bless.bestinslot.org

my A record for bestinslot is A
45.32.xx.xxx
300

What did I do wrong?

jared.m · December 13, 2017, 5:18pm

You have an A record for bestinslot.org, but not for forum.bestinslot.org (or bless, for that matter). You need a DNS record for each subdomain you want to exist.

helixion · December 13, 2017, 5:25pm

oshit, you’re right. now I get this error tho

Domain: bless.bestinslot.org
   Type:   connection
   Detail: Connection refused

   Domain: forum.bestinslot.org
   Type:   connection
   Detail: Connection refused

jared.m · December 13, 2017, 5:34pm

What’s the command you’re using?

helixion · December 13, 2017, 5:37pm

certbot --nginx -d

thought maybe it was my firewall, but I have 443 open.. hmm.

Failed authorization procedure. bless.bestinslot.org (tls-sni-01): urn:acme:erro r:connection :: The server could not connect to the client to verify the domain :: Connection refused, forum.bestinslot.org (tls-sni-01): urn:acme:error:connect ion :: The server could not connect to the client to verify the domain :: Connec tion refused

IMPORTANT NOTES:

The following errors were reported by the server:

Domain: bless.bestinslot.org
Type: connection
Detail: Connection refused

Domain: forum.bestinslot.org
Type: connection
Detail: Connection refused

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.

cpu · December 13, 2017, 5:59pm

Is 45.32.66.179 the correct IP address for both of those domains to resolve to?

For what it's worth I'm also seeing connection refused from my network perspective:

$ openssl s_client -connect forum.bestinslot.org:443 </dev/null
connect: Connection refused
connect:errno=111
$ openssl s_client -connect bless.bestinslot.org:443 </dev/null
connect: Connection refused
connect:errno=111

helixion · December 13, 2017, 6:31pm

figured it out, thanks for the help.

cpu · December 13, 2017, 6:38pm

What was the solution? It would be great to capture that in this thread in case anyone else finds their way here

helixion · December 13, 2017, 6:41pm

It was an issue with bless.bestinslot.org, so just a server block config problem. I just excluded it since there really isn’t a site there to begin with and ill go back and include it later.

Aidan · December 15, 2017, 6:30am

Nice! Just make sure those pesky config files are setup right, lol.

system · January 14, 2018, 6:30am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.