DNS record not published on AWS Lightsail for SSL configuration

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: maheshkhali.com
NS for Lightsail:
ns-1990.awsdns-56.co.uk
ns-832.awsdns-40.net
ns-466.awsdns-58.com
ns-1245.awsdns-27.org

The above NS are configured in Route53 as well.

I ran this command:
sudo certbot -d $DOMAIN -d $WILDCARD --manual --preferred-challenges dns certonly

It produced this output:
_acme-challenge.maheshkhali.com
TXT Record
aqnSqDEMwCe8wdi5IWPyQUEfjl2fQDAaeXsPWUYczEA
TXT Record
_acme-challenge.maheshkhali.com
AHNMfMgiTSmm6dNFQmhF6ANnO6PrZ3vA1ukyUO91sbA

I configured it in the DNS zone of Lightsail, but when checking in the MX Lookup tool, it shows DNS record not found.

The operating system my web server runs on is (include version): linux

My hosting provider, if applicable, is: AWS Lightsail

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

When certbot authenticates via DNS, it requires either manual interaction or an API plugin.
You may need to look into using this parameter (and its requirements):
--dns-route53

DNS Route53 is configured properly as per the guideline but is not working.

Please show us this tool.

What does that mean?

Hi @sazzad

That check of mxtoolbox checks the MX mail server DNS record.

That's completely irrelevant to creating a certificate.

Nobody has an MX record with _acme-challenge.domainname.

But checking your domain - there is no TXT record - https://check-your-website.server-daten.de/?q=maheshkhali.com#txt

Should look like

ns-1111.awsdns-10.org is one of your name servers.

And your configuration is inconsistent:

Fatal: Inconsistency between delegation and zone. The set of NS records served by the authoritative name servers must match those proposed for the delegation in the parent zone.: ns-1111.awsdns-10.org (205.251.196.87): Delegation: ns-1111.awsdns-10.org,ns-1721.awsdns-23.co.uk,ns-47.awsdns-05.com,ns-610.awsdns-12.net, Zone: ns-1245.awsdns-27.org,ns-1990.awsdns-56.co.uk,ns-466.awsdns-58.com,ns-832.awsdns-40.net

Here is the TXT record for my domain.

See the online check. Your TXT entries aren't visible.

That’s my question: why is my TXT record not visible? As per the guideline for SSL installation on AWS Lightsail, I did everything, but the TXT record is not working.

https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-using-lets-encrypt-certificates-with-wordpress

Your zone definition may be wrong.

It's not enough if you add some name servers if that

Fatal: Inconsistency between delegation and zone.

is the result.

If you understand how the Internet uses DNS, then you can see how it might fail to resolve your TXT record(s).
Because: Your list of DNS servers does not match the Internet list of DNS servers (for your domain).
You need to correct that problem first.

Here is my Zone

And here is what the Internet sees:
nslookup -q=ns maheshkhali.com

maheshkhali.com nameserver = ns-47.awsdns-05.com
maheshkhali.com nameserver = ns-610.awsdns-12.net
maheshkhali.com nameserver = ns-1721.awsdns-23.co.uk
maheshkhali.com nameserver = ns-1111.awsdns-10.org

Do those two match?
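An added example, not part of any post in this thread: a short Python check of the comparison asked for above, using the name server lists quoted in the thread. The function names are illustrative assumptions; the host names are copied from the posts.

```python
import re

def normalize(host: str) -> str:
    """DNS names are case-insensitive; a trailing dot only marks the root."""
    return host.strip().rstrip(".").lower()

def parse_nslookup_ns(output: str) -> set:
    """Collect name servers from `nslookup -q=ns` lines ("... nameserver = host")."""
    found = set()
    for line in output.splitlines():
        m = re.search(r"nameserver\s*=\s*(\S+)", line, re.IGNORECASE)
        if m:
            found.add(normalize(m.group(1)))
    return found

def compare_ns(delegated, zone) -> dict:
    """Compare the parent-zone delegation with the NS set the zone itself lists."""
    d = {normalize(h) for h in delegated}
    z = {normalize(h) for h in zone}
    return {"consistent": d == z,
            "only_in_delegation": sorted(d - z),
            "only_in_zone": sorted(z - d)}

# nslookup output as posted in the thread (the servers resolvers actually ask).
NSLOOKUP_OUTPUT = """\
maheshkhali.com nameserver = ns-47.awsdns-05.com
maheshkhali.com nameserver = ns-610.awsdns-12.net
maheshkhali.com nameserver = ns-1721.awsdns-23.co.uk
maheshkhali.com nameserver = ns-1111.awsdns-10.org
"""
# NS set from the first post (the Lightsail zone where the TXT records were added).
ZONE_NS_FIRST_POST = ["ns-1990.awsdns-56.co.uk", "ns-832.awsdns-40.net",
                      "ns-466.awsdns-58.com", "ns-1245.awsdns-27.org"]
# NS set the poster reports later in the thread, written with trailing dots.
ZONE_NS_LATER = ["ns-47.awsdns-05.com.", "ns-1111.awsdns-10.org.",
                 "ns-1721.awsdns-23.co.uk.", "ns-610.awsdns-12.net."]

if __name__ == "__main__":
    delegated = parse_nslookup_ns(NSLOOKUP_OUTPUT)
    for label, zone in (("first post", ZONE_NS_FIRST_POST),
                        ("later post", ZONE_NS_LATER)):
        print(label, compare_ns(delegated, zone))
```

A TXT record created in a zone whose name servers appear only under `only_in_zone` is never queried by resolvers, which follow the delegation.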

It’s my default NS of Route53, but as per the Lightsail SSL configuration tutorial, I need to replace the Route53 NS with the Lightsail NS. For that reason, I edited the NS of Route53.

You need to put down the Lightsail SSL configuration tutorial and make sure DNS is set up correctly FIRST.

Here is the link to the SSL configuration tutorial.
https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-using-lets-encrypt-certificates-with-wordpress

By the way, I changed my NS of Route53 to the default one. Here is the NS server list:
ns-47.awsdns-05.com.
ns-1111.awsdns-10.org.
ns-1721.awsdns-23.co.uk.
ns-610.awsdns-12.net.

Would you please check again whether my configuration is OK or not?

There is a free online tool: