DNS problem: NXDOMAIN looking up A for mynginx.adams.org

My domain is: mynginx.adams.org

I ran this command: sudo certbot --nginx

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.

1: mynginx.adams.org

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for mynginx.adams.org

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: mynginx.adams.org
Type: dns

Detail: DNS problem: NXDOMAIN looking up A for mynginx.adams.org - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for mynginx.adams.org - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): nginx/1.23.3

The operating system my web server runs on is (include version): Ubuntu 22.04

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Ubuntu Gnome Terminal

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.3.0

My /etc/hosts looks as follows: localhost mynginx.adams.org 24adithya

The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Can someone tell me what else needs to be configured?

Disclaimer: I threw the question into ChatGPT and this is the result.

The error message indicates that the Let's Encrypt certificate authority was unable to verify that your domain, mynginx.adams.org, exists and is pointing to the correct IP address. This could be due to various reasons, such as a DNS misconfiguration, firewall issues, or server connectivity problems.

To troubleshoot this issue, you should try the following steps:

  1. Verify that the domain mynginx.adams.org is registered and points to the correct IP address. You can use a DNS lookup tool like dig or nslookup to check the DNS records. For example:
$ dig mynginx.adams.org

mynginx.adams.org. 3600 IN A <IP_ADDRESS>

If the DNS records are not found or incorrect, you should fix the DNS configuration.

  2. Ensure that your server is accessible from the internet and that there are no firewall rules blocking incoming traffic on port 80 and 443. You can test the connectivity using the telnet command. For example:
$ telnet mynginx.adams.org 80
$ telnet mynginx.adams.org 443

If you cannot connect to the server, you should check your firewall rules and network configuration.

  3. Verify that your nginx configuration is correct and matches the Let's Encrypt requirements. You can use the nginx -t command to check the syntax of your nginx configuration files. For example:
$ nginx -t

If there are any syntax errors or configuration issues, you should fix them before retrying the Let's Encrypt certificate request.

  4. Ensure that your server clock is correct and synchronized with the internet time servers. You can use the timedatectl command to check the system time.

If the time is not correct, you should fix it using the appropriate time synchronization tools for your operating system.

Once you have resolved any issues, you can try running the sudo certbot --nginx command again to request the Let's Encrypt certificate for your domain.


a human replying:
do you own adams.org? as in, you bought the domain?

you can't just make up a domain and expect LE to verify that, a public CA only accepts public names.


mynginx.adams.org some other TLD

Name:    mynginx.adams.cc

Name:      mynginx.adams.com

Name:      mynginx.adams.com.br

Name:    mynginx.adams.in

Name:    mynginx.adams.rest

Ok - got it. It's just a name I have given to my server. Thanks for sharing this info. I was under the impression that I would be able to generate authentic and approved certificates for enabling SSL for local servers as well :slight_smile:


Please read How It Works - Let's Encrypt
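
The failure in this thread comes down to a name that resolves only through the local /etc/hosts, which the CA never sees. As an added example (not code from the thread or from Certbot), the script below compares the host's own resolution with a public resolver's answer before running certbot; the function names, the verdict strings and the choice of 1.1.1.1 as resolver are assumptions of the example.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): pre-flight DNS check before `certbot --nginx`.

# is_private ADDR: succeeds for loopback, RFC 1918, link-local and IPv6 ULA addresses.
is_private() {
    case "$1" in
        127.*|10.*|192.168.*|169.254.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        ::1|[fF][cCdD]*|[fF][eE][89aAbB]*) return 0 ;;
    esac
    return 1
}

# classify LOCAL_ADDRS PUBLIC_ADDRS: prints one verdict.
#   LOCAL_ADDRS  = what this host resolves the name to (NSS, so /etc/hosts counts)
#   PUBLIC_ADDRS = what a public resolver returns (it never sees /etc/hosts)
classify() {
    local local_addrs="$1" public_addrs="$2" addr routable=0
    if [ -z "$public_addrs" ]; then
        # Empty answer in public DNS: the CA's lookup sees the same thing.
        if [ -n "$local_addrs" ]; then echo "local-only"; else echo "no-record"; fi
        return 0
    fi
    for addr in $public_addrs; do
        is_private "$addr" || routable=1
    done
    if [ "$routable" -eq 1 ]; then echo "public"; else echo "private-only"; fi
}

# preflight NAME [RESOLVER]: live lookup; exit status 0 only for "public".
# 1.1.1.1 is an arbitrary public resolver chosen for this example.
preflight() {
    local name="$1" resolver="${2:-1.1.1.1}" local_addrs public_addrs verdict
    local_addrs=$(getent ahosts "$name" | awk '{print $1}' | sort -u)
    # Keep only address lines; `dig +short` also prints CNAME targets.
    public_addrs=$( { dig +short A "$name" "@$resolver"
                      dig +short AAAA "$name" "@$resolver"; } \
                    | grep -E '^([0-9]+\.){3}[0-9]+$|:' || true)
    verdict=$(classify "$local_addrs" "$public_addrs")
    echo "$name: $verdict"
    [ "$verdict" = "public" ]
}

# Usage: ./preflight.sh mynginx.adams.org
if [ "$#" -gt 0 ]; then preflight "$@"; fi
```

For the setup in this thread the verdict is `local-only`: the name exists in /etc/hosts but not in public DNS, which is what the CA reported as NXDOMAIN.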



