DNS problem: NXDOMAIN looking up A for 'knightslivestream.com' - check that a DNS record exists for this domain

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: knightslivestream.com and www.knightslivestream.com
I ran this command: sudo certbot
It produced this output:

sudo certbot
[sudo] password for metasebiya: 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: knightslivestream.com
2: www.knightslivestream.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1,2 
Requesting a certificate for knightslivestream.com and www.knightslivestream.com
Performing the following challenges:
http-01 challenge for knightslivestream.com
http-01 challenge for www.knightslivestream.com
Waiting for verification...
Challenge failed for domain knightslivestream.com
Challenge failed for domain www.knightslivestream.com
http-01 challenge for knightslivestream.com
http-01 challenge for www.knightslivestream.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: knightslivestream.com
   Type:   dns
   Detail: DNS problem: NXDOMAIN looking up A for
   knightslivestream.com - check that a DNS record exists for this
   domain

   Domain: www.knightslivestream.com
   Type:   dns
   Detail: DNS problem: NXDOMAIN looking up A for
   www.knightslivestream.com - check that a DNS record exists for this
   domain

My web server is (include version): nginx version: nginx/1.18.0
The operating system my web server runs on is (include version): Ubuntu 21.04 LTS
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.12.0

Hi @Metasebiya-21, welcome to the LE community forum :slight_smile:

The problem is with DNS.
How new is this domain?
When did you last update the IPs for the name?
Are you using a CDN type service?

I see:

Name:      knightslivestream.com
Addresses: 23.217.138.108
           23.202.231.167

And also:
can't find knightslivestream.com: Non-existent domain

Hello, I was trying to setup my laptop as a server to host my WebRTC live streaming website and am using nginx as reverse proxy, I set this name to the server randomly 'knightslivestream.com' or any CDN type services

You can't just use any randomly chosen hostname on the internet: domain names need to be registered in the domain name system (DNS) through a DNS registar. I.e.: you need to buy a domain name first, before you can actually use it. Or use one of the free domain name services available on the internet.

1 Like

I got a registered domain now 'ethiolive.net' but i got the the following error while trying to generate ssl certificate key using certbot

sudo certbot
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: ethiolive.net
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 
Requesting a certificate for ethiolive.net
Performing the following challenges:
http-01 challenge for ethiolive.net
Waiting for verification...
Challenge failed for domain ethiolive.net
http-01 challenge for ethiolive.net
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: ethiolive.net
   Type:   dns
   Detail: DNS problem: query timed out looking up A for ethiolive.net

I set my upstream to nodejs server, I am using NGINX a reverse proxy and load balancer

The DNS servers for ethiolive.net don't appear to be functioning properly.

https://dnsviz.net/d/ethiolive.net/dnssec/

2 Likes

More detail:

ethiolive.net   nameserver = ns1.hahucloud.com
ethiolive.net   nameserver = ns2.hahucloud.com

Name:      ns1.hahucloud.com
Addresses: 81.19.211.8     <<< duplicate
           94.46.223.234
           162.55.5.5      <<< duplicate
           168.119.36.203  <<< duplicate

Name:      ns2.hahucloud.com
Addresses: 81.19.211.8     <<< duplicate
           94.46.187.170
           162.55.5.5      <<< duplicate
           168.119.36.203  <<< duplicate

nslookup -q=ns ethiolive.net 81.19.211.8
*** UnKnown can't find ethiolive.net: Query refused

nslookup -q=ns ethiolive.net 94.46.223.234
*** UnKnown can't find ethiolive.net: Query refused

nslookup -q=ns ethiolive.net 162.55.5.5
;; connection timed out; no servers could be reached

nslookup -q=ns ethiolive.net 168.119.36.203
*** UnKnown can't find ethiolive.net: Query refused

nslookup -q=ns ethiolive.net 94.46.187.170
*** UnKnown can't find ethiolive.net: Query refused

Your domain isn't being served by any of the IPs resolved from your listed authoritative DNS servers.
Two servers which each have four IPs - but they overlap each other with three of those IPs.
So the expected eight IPs are actually only five unique IPs.
[a very strange and confusing setup]

1 Like

I change the nameserver now but I got this

sudo certbot
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: ethiolive.net
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 
Requesting a certificate for ethiolive.net
Performing the following challenges:
http-01 challenge for ethiolive.net
Waiting for verification...
Challenge failed for domain ethiolive.net
http-01 challenge for ethiolive.net
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: ethiolive.net
   Type:   unauthorized
   Detail: Invalid response from
   http://www.ethiolive.net/.well-known/acme-challenge/aVmEEa0ve_YQBmZgfCNe6-XjNHJFFP13ARvf1G0Wt0E
   [45.58.190.82]: "\n<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01
   Transitional//EN\"
   \"http://www.w3.org/TR/html4/loose.dtd\">\n<HTML>\n<HEAD>\n<TITLE>Che"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

www.ethiolive.net       canonical name = parking.namesilo.com.
** server can't find parking.namesilo.com: NXDOMAIN

Is your domain named PARKED?

1 Like

I am using VPS server, provided by hahuclouds.com which is powered by digitalOcean

Fabulous.
Now you need to input the IP of that VPS into your DNS zone.
For both:
ethiolive.net
www.ethiolive.net

Note: You will need a functional HTTP site before you can secure it (via HTTP authentication).
[a parked site is NOT a functional HTTP site]

1 Like


this is dns management, this how I am configuring it, the Ip addresses are 159.65.237.131 10.10.0.20 10.136.0.16 , I need to check with you if am all good to go or not

Question: why are you adding those 10.0.0.0/8 IP addresses again?

2 Likes

it is my fault, I am now only using 159.65.237.131

1 Like

I still see only:

Name:    ethiolive.net
Address: 107.161.23.204

Name:    parking.namesilo.com
Address: 107.161.23.204

Be sure to uncheck any reference to "domain PARKing".

1 Like

You need these two A records:

  • hostname: ethiolive.net
    address: 159.65.237.131
  • hostname: www.ethiolive.net
    address: 159.65.237.131
1 Like

Also, I would like to point out that while indeed the DNS registar does not need to be the same company as the DNS service provider, this needs to be configured properly if that's the case.

At the moment, when I try to resolve the IP address for ethiolive.net, the authorative DNS servers seem to be:

(...)
ethiolive.net.		172800	IN	NS	ns2.dnsowl.com.
ethiolive.net.		172800	IN	NS	ns3.dnsowl.com.
ethiolive.net.		172800	IN	NS	ns1.dnsowl.com.
;; Received 655 bytes from 2001:501:b1f9::30#53(m.gtld-servers.net) in 13 ms

ethiolive.net.		172800	IN	SOA	ns1.dnsowl.com. hostmaster.dnsowl.com. 1631205299 7200 1800 1209600 600
;; Received 103 bytes from 162.159.26.136#53(ns1.dnsowl.com) in 16 ms

So subdomains of the domain dnsowl.com. And that domain seems to be registered by a company called "NameSilo, LLC", which seems to be a DNS provider and hosting provider and such..

However, the DNS zone editor you showed above is from a company called "HahuCloud"?

So I'm not sure if you're managing your DNS at the correct place. With the current authorative DNS servers, you should be editing your DNS zone at NameSilo? Another option would be to set the authorative DNS servers to the HahuCloud authorative DNS servers.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.