DNS problem: NXDOMAIN looking up A

Problem renewing my certificate...

My IP is: 77.68.114.189
My domain is: eb6a769.online-server.cloud
OS/Webserver: Ubuntu 18.04LTS Apache
Server: IONOS VPS, can login as root to shell
Cerbot Version: certbot 0.31.0
I'm using a control panel to manage my site (to access the VPS settings)

I ran this command:

sudo systemctl stop apache2
sudo certbot certonly

It produced this output:

Failed authorization procedure.
eb6a769.online-server.cloud (http-01):
urn:ietf:params:acme:error:dns ::
DNS problem: NXDOMAIN looking up A for eb6a769.online-server.cloud -
check that a DNS record exists for this domain;
DNS problem: NXDOMAIN looking up AAAA for eb6a769.online-server.cloud -
check that a DNS record exists for this domain

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: eb6a769.online-server.cloud
    Type: None
    Detail: DNS problem: NXDOMAIN looking up A for
    eb6a769.online-server.cloud - check that a DNS record exists for
    this domain; DNS problem: NXDOMAIN looking up AAAA for
    eb6a769.online-server.cloud - check that a DNS record exists for
    this domain

This same command has successfully renewed every 90 days for four years.

  • The domain name comes from the VPS, I have no access to domain name records for this.
  • IONOS migrated the VPS to a new VPS platform in April 2024
  • I have 5 days left for renewal...

Can anyone help with what might be the issue?

Many thanks

Tim

1 Like

If you don't controle the hostname eb6a769.online-server.cloud, you cannot get a certificate for it.

If previously an A and/or AAAA RR was present, but now it is not (which is the case), maybe your hosting provider has removed it. Maybe if you complain, they can put it back? Maybe they forgot something in the migration? Or maybe they're using different hostnames now?

Let's Encrypt recommends to start trying to renew 30 days before expiry. That was 25 days ago. Let's Encrypt also sends out expiry emails about 21 days before expiry, although you should not rely on that. I'd like to recommend implementing a more thorough system which would have discovered this failing renewal earlier so you would have had more time.

1 Like

Yes, I usually renew when the first email comes in from LetsEncrypt, but real world matters have distracted me recently.

as I indicated, this renewal has worked without error for the last four years

I will contact IONOS, see what they have to say.

1 Like

There probably was a A/AAAA RR before. That's enough to prove "controle" over a hostname.

This version of Certbot is ancient by the way. Please update it, probably using snap. See https://certbot.eff.org/ for more info.

Ubuntu 18.04 LTS has reached its end of life more than a year ago (https://ubuntu.com/about/release-cycle), unless you've bought Ubuntu Pro.

2 Likes

Thanks, not enough space on the VPS to upgrade

Will look to update, but it worked last time out.

I guess so, looks like IONOS will need to help here...

2 Likes

IONOS responds:

DNS hostname is removed by the migration.
Create a subdomain and generate a cert for that.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.