Hi,
Running certbot either from the command line or in a postbuild EB hook fails. I have successfully verified my domain records using DNSSpy and DNSViz, and check-your-website.server-daten.de.
Please help.

My domain is:
baazii.com
I ran this command:
sudo certbot -n -d bazzii.com --nginx --agree-tos
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Requesting a certificate for bazzii.com
Performing the following challenges:
http-01 challenge for bazzii.com
Waiting for verification...
Challenge failed for domain bazzii.com
http-01 challenge for bazzii.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

• The following errors were reported by the server:

  Domain: bazzii.com
  Type: dns
  Detail: DNS problem: SERVFAIL looking up A for bazzii.com - the
  domain's nameservers may be malfunctioning; DNS problem: SERVFAIL
  looking up AAAA for bazzii.com - the domain's nameservers may be
  malfunctioning

My web server is (include version):
Node.js 12 running on 64bit
The operating system my web server runs on is (include version):
Amazon Linux 2/5.4.10
My hosting provider, if applicable, is:
AWS Elastic BeanStalk
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
AWS Beanstalk
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.11.0

If you are sure your authoritative DNS are working, try again later.

If you are not sure, ask their support or maybe change them. There's a list somewhere on the forum (I'd say top3 are cloudflare, he, and 1984.is)

Interesting! Which domain did you analyse? As I just analised bazzii.com and it was the first analysis on DNSViz (bazzii.com | DNSViz): no previous analysis exists..

Also, your thread title states:

DNS problem looking up A record for my domain

The actual error message states:

Not sure how to mis those three extra "A"'s though

Anyway, it's a wonder the A resource record didn't produce an error.. Or maybe IPv6 (AAAA) is prefered, because all your authoriative DNS servers seem to be malfunctioning. See the DNSViz report I linked above.

@Osiris, thanks for looking into this.
The error is for both the A and AAAA records:
Detail:

And this is the DNSViz report, updated 42 minutes ago: baazii.com | DNSViz

Thanks @9peppe.
As far as I can tell my DNS server (Route 53) is working fine. I'll try later, thanks.

That's not the same hostname as from the error messages..

Thank you @Osiris !
I must be blind! Had been banging my head against the wall all day
Everything is working now!
Thanks a lot!

Was it a spelling/TYPO problem?

Yes @rg305. I had bazzii instead of baazii for my certbot domain argument!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.