DNS problem renewing cert

I ran this command: sudo certbot --nginx -d mydomain.com

It produced this output: Saving debug log to /var/log/letsencrypt/letsencrypt.log

Plugins selected: Authenticator nginx, Installer nginx

Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn’t close to expiry.

(ref: /etc/letsencrypt/renewal/mydomain.com.conf)

What would you like to do?


1: Attempt to reinstall this existing certificate

2: Renew & replace the cert (limit ~5 per 7 days)


Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2

Renewing an existing certificate

Performing the following challenges:

http-01 challenge for mydomain.com

Waiting for verification…

Cleaning up challenges

Failed authorization procedure. mydomain.com (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for mydomain.com

IMPORTANT NOTES:

  • The following errors were reported by the server:

Domain: mydomain.com

Type: None

Detail: DNS problem: NXDOMAIN looking up A for

mydomain.com

My web server is (include version):
nginx version: nginx/1.10.3 (Ubuntu)

The operating system my web server runs on is (include version): ubuntu

My hosting provider, if applicable, is: aws

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0


Using the certbot CLI tool, it tells me that my certificate has not expired, but when I connect through a browser it says it expired in July. After clearing my local browser cache I am now totally unable to access my site to see if the certificate is even still there. Is there a way to delete my existing certificate and just get a new one with auto-renew? I think I am experiencing a greater DNS error unrelated to Let’s Encrypt, but the inconsistencies with the certificate are making it harder to diagnose. Thank you

One month ago somebody changed your nameservers from GoDaddy to Wix, but did not copy your existing DNS records over to the Wix nameservers.

So it means your site has been inaccessible for ~1 month.

At least, the DNS record exists on the previous GoDaddy nameservers:

$ dig +noall +answer @ns04.domaincontrol.com app.jobsitetechinc.com
app.jobsitetechinc.com. 3600    IN      A       3.92.233.255

Perhaps you can re-add the record to Wix: https://support.wix.com/en/article/adding-dns-records-in-your-wix-account


There is a certificate valid until November this year: crt.sh | 1839058827

Certbot uses the nginx plugin, so it should install and reload any new certificate. But for some reason, nginx is using an old certificate. You should debug the nginx configuration file for this virtual host and check if it's using the correct path to the certificate.

Of course this is beside the DNS problem :wink:


Thank you, this is just what I’ve discovered myself. Damn those serviceWorkers making it seem like my site was still up because of caching. Luckily we don’t get much traffic. In all honesty, thanks for this; the Wix link is very helpful.


Thank you. So does this mean that although I have registered a newer certificate (good until November), I’ve misconfigured nginx so it’s using an old cert which expired in July?

That probably is the case, yes, although certbot should have taken care of it because it uses the nginx plugin.
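Added example, not part of the original thread: one way to carry out the suggested nginx check is to list every `ssl_certificate` path in the `server` blocks that name the domain and compare it with certbot's lineage path. The function names and the sample configuration are constructed for illustration, and it assumes certbot's default `/etc/letsencrypt/live/<name>/fullchain.pem` layout with the lineage named after the domain.

```python
import re

LIVE_DIR = "/etc/letsencrypt/live"  # certbot's default lineage directory (assumption)

# Constructed sample standing in for the output of `nginx -T`.
SAMPLE = """
server {
    listen 80;
    server_name mydomain.com;
    location / { return 301 https://$host$request_uri; }
}
server {
    listen 443 ssl;
    server_name mydomain.com www.mydomain.com;
    ssl_certificate /etc/nginx/ssl/mydomain.com.crt;  # copied by hand, never renewed
    ssl_certificate_key /etc/nginx/ssl/mydomain.com.key;
}
server {
    listen 443 ssl;
    server_name other.example;
    ssl_certificate /etc/letsencrypt/live/other.example/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/other.example/privkey.pem; # managed by Certbot
}
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, found by brace matching."""
    text = re.sub(r"#[^\n]*", "", conf)  # strip comments (ignores '#' inside quotes)
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def directive(block, name):
    """Return the argument list of every `name args;` directive in a block."""
    pattern = rf"^\s*{re.escape(name)}\s+([^;]+);"
    return [args.split() for args in re.findall(pattern, block, re.M)]

def audit(conf, domain):
    """Return (cert_path, points_at_certbot_lineage) per TLS block naming `domain`."""
    expected = f"{LIVE_DIR}/{domain}/fullchain.pem"
    findings = []
    for block in server_blocks(conf):
        names = [n for args in directive(block, "server_name") for n in args]
        if domain in names:
            findings += [(a[0], a[0] == expected) for a in directive(block, "ssl_certificate")]
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, "mydomain.com"))
```

A `False` entry means nginx is serving a file that certbot's renewals never touch, which matches the symptom of a browser reporting an expired certificate while certbot reports a valid one.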
