Hi,
Running certbot either from the command line or in a postbuild EB hook fails. I have successfully verified my domain records using DNSSpy and DNSViz, and check-your-website.server-daten.de.
Please help.
My domain is: baazii.com
I ran this command:
sudo certbot -n -d bazzii.com --nginx --agree-tos
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Requesting a certificate for bazzii.com
Performing the following challenges:
http-01 challenge for bazzii.com
Waiting for verification...
Challenge failed for domain bazzii.com
http-01 challenge for bazzii.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: bazzii.com
Type: dns
Detail: DNS problem: SERVFAIL looking up A for bazzii.com - the
domain's nameservers may be malfunctioning; DNS problem: SERVFAIL
looking up AAAA for bazzii.com - the domain's nameservers may be
malfunctioning
My web server is (include version):
Node.js 12 running on 64bit
The operating system my web server runs on is (include version):
Amazon Linux 2/5.4.10
My hosting provider, if applicable, is:
AWS Elastic BeanStalk
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
AWS Beanstalk
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.11.0
Interesting! Which domain did you analyse? As I just analised bazzii.com and it was the first analysis on DNSViz (bazzii.com | DNSViz): no previous analysis exists..
Also, your thread title states:
DNS problem looking up A record for my domain
The actual error message states:
Not sure how to mis those three extra "A"'s though
Anyway, it's a wonder the A resource record didn't produce an error.. Or maybe IPv6 (AAAA) is prefered, because all your authoriative DNS servers seem to be malfunctioning. See the DNSViz report I linked above.