My domain is: http://api.joshi234.me/
I ran this command: certbot certonly -d api.joshi234.me
It produced this output:←[0m - The following errors were reported by the server:
Detail: DNS problem: SERVFAIL looking up A for api.joshi234.me -
the domain's nameservers may be malfunctioning
My web server is (include version): Flask 1.1.2
The operating system my web server runs on is (include version): Debian 10
My hosting provider, if applicable, is: None
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you're using Certbot): 0.31.0
I'm trying to setup a ssl certificate but I always get that output. I tried it from the machine itself, but it didn't let me set it up because the webserver it creates is running on port 80 and the webserver itself is to. Why do I get this error?
Your DNSSEC is misconfigured: you have it enabled, but your nameservers are not correctly set up for it.
Try turning DNSSEC off in your domain registrar's control panel (Namecheap?) and see if that makes a difference.
Actually it was turned off, I turned it on
If it was already turned off, then it sounds like the zone and the control panel may have been out of sync with each other, on Namecheap's side.
It looks fine now, try issue a certificate again?
I tried again, now I get this:
The following errors were reported by the server:
Detail: Invalid response from
[184.108.40.206]: "\n404 Not Found\n
The requested URL was"
What am I supposed to respond?
Great, so the SERVFAIL is gone now.
What's the exact Certbot command you are running? If you're using Flask as your webserver, then you'll need Flask to serve files from a directory, and point Certbot to that directly.
certbot certonly -d api.joshi234.me --webroot -w /path/to/flask/webroot
You can also stick a reverse proxy such as nginx or Apache in front of Flask, and then use the
--apache authenticator instead.
I always recommend using a reverse proxy, makes life easier. But it's not the only approach.
I got it to work, thanks for your help!
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.