Hello, I'm trying to run this command: ./letsencrypt-auto certonly --rsa-key-size 4096 -d <mydomain.com> --email firstname.lastname@example.org --agree-tos
It's to make a certificate for my mail server (Dovecot&Postfix).
I have a problem when running this command:
- The following errors were reported by the server:
Detail: DNS problem: NXDOMAIN looking up A for <mydomain.com>
But when I ran dig +short MX <mydomain.com> to test my DNS config, I got the correct answer: 10 mail.mydomain.com.
So I really need help if someone has already had this problem...
Hello, thank you for the quick reply!
I tried dig +short A domain.com and I got the IP address of my DNS server with no error.
But I also have a new error :
Failed authorization procedure. domain.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up A for domain.com
You can’t use any publicly trusted CA if your domain is internal-only. More specifically, if it is a domain name you “made up” and not a public/ICANN domain. This practice was forbidden a couple of years ago by the CA/B forum.
If you own, say, example.com, and want to get a certificate for internal.example.com, that might still be possible via split-horizon DNS. You would internally resolve the domain to a different IP than from the public internet. The public DNS record would point to a server only used to solve the domain ownership challenge (this is where you would run the client, and then move the resulting certificate to your internal server).
Setups like that can be quite tricky; personally I would just establish an internal CA and deploy it to all clients (for example via Active Directory, or just manually if you don’t have many clients).
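An added example for this thread (not code from Let's Encrypt, the client, or either poster): a pre-flight check to run before the client, which queries the public DNS view of the exact name being requested, the way the CA sees it, and reports whether validation can even start. It uses the same dig commands the thread already uses. The resolver 1.1.1.1 and the file name preflight.sh are assumptions; any public resolver works. Note that tls-sni-01, the challenge named in the error above, has since been retired, but the DNS requirement is the same for http-01 and dns-01: the name must have a public A or AAAA record, and an MX record for the domain does not count.

```shell
#!/bin/sh
# Added example for this thread, not code from Let's Encrypt or the poster.
# Pre-flight DNS check to run before letsencrypt-auto/certbot: every
# validation method needs the exact requested name to resolve to an
# address in *public* DNS (NXDOMAIN/NODATA on A and AAAA fails before any
# challenge is attempted). An MX record for the domain proves nothing here.

# classify_records ANSWER
#   ANSWER is the stdout of `dig +short A NAME` (or AAAA). Prints "ok" if the
#   answer contains at least one IPv4/IPv6 address, "none" if it is empty or
#   contains only CNAME targets / non-address data.
classify_records() {
    answer="$1"
    # dig +short prints one RDATA per line. An address is either a dotted
    # quad (IPv4) or anything containing a colon (IPv6); a trailing-dot
    # hostname is a CNAME target or MX exchange, which is not an address.
    addr_count=$(printf '%s\n' "$answer" \
        | grep -E -c '^([0-9]{1,3}\.){3}[0-9]{1,3}$|:' || true)
    if [ "$addr_count" -gt 0 ]; then
        echo ok
    else
        echo none
    fi
}

# check_name NAME [RESOLVER]
#   Live check against a public resolver (assumed default 1.1.1.1), so the
#   answer is what the CA will see rather than what an internal or
#   split-horizon resolver returns to you.
check_name() {
    name="$1"
    resolver="${2:-1.1.1.1}"
    a=$(dig +short "@$resolver" A "$name" 2>/dev/null)
    aaaa=$(dig +short "@$resolver" AAAA "$name" 2>/dev/null)
    mx=$(dig +short "@$resolver" MX "$name" 2>/dev/null)
    a_state=$(classify_records "$a")
    aaaa_state=$(classify_records "$aaaa")
    echo "A    $name: $a_state"
    echo "AAAA $name: $aaaa_state"
    if [ -n "$mx" ]; then
        echo "MX   $name: present ($mx), but MX alone cannot satisfy a certificate challenge"
    fi
    if [ "$a_state" = none ] && [ "$aaaa_state" = none ]; then
        echo "FAIL: $name has no public A/AAAA record; the CA will report NXDOMAIN or NODATA. Fix the zone before running the client." >&2
        return 1
    fi
    echo "OK: $name resolves publicly; the CA will connect to the address(es) above, so the challenge listener must be reachable there."
}

# Usage: sh preflight.sh mail.example.com [resolver]
if [ -n "${1:-}" ]; then
    check_name "$1" "${2:-}"
fi
```

Run it with the same name you pass to -d. If it reports FAIL while dig against your own resolver answers, you are looking at the split-horizon situation described above: the internal view has the record, the public view does not, and only the public view matters to the CA. If AAAA is present, the CA may prefer it, so the IPv6 address must also reach the challenge listener.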