DNS problem: networking error looking up A for

Hello everyone,

I installed LetsEncrypt (specifically certbot-auto) on a system to work with the latest ISPConfig 3.1b2.
However, whenever I try to create a cert, I get an error like this:

DNS problem: networking error looking up A for kirito.ennabe.de

The DNS works fine, however, since I can access the server without any problems using the exact same domain.

Here’s the complete error message:

`Failed authorization procedure. kirito.ennabe.de (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: networking error looking up A for kirito.ennabe.de


  • The following errors were reported by the server:

    Domain: kirito.ennabe.de
    Type: connection
    Detail: DNS problem: networking error looking up A for

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

Can you help me with this issue?
Thank you in advance

Kind Regards

Sascha Schroeder

There is another topic on this issue as well at Cannot lookup A record for domain.

There was a problem with the validation service that has been resolved. Things are working again.


Hi. Sorry to piggyback on the post, but I was facing a similar issue. My DNS records are configured to use CNAME. Is it mandatory to have an A record for the domain? Thanks.

CNAME’s work, as long as the target has an A record of course.

So A records are a must? CNAME is optional? I tried to have both CNAME and and A record, but GoDaddy did not allow that.

Currently all my subdomains have only CNAME records. So looks like I have to change them all to A. Hope they allow multiple A records pointing to the same IP address.

No, you can have CNAMEs for your subdomains, they just have to be pointing at a domain that does have an A record. It sounds like you have the same setup that I do of an A record for the base domain with the subdomains CNAMEed to that which is correct and works.

Ah ha! The problem is that the primary domain and these subdomains are on different servers.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.