Error: 400 :: urn:ietf:params:acme:error:dns :: DNS problem: NXDOM AIN looking up A for

My domain

I ran this command: sudo /opt/bitnami/letsencrypt/lego --tls --email="kadir.php@yan" --domains="" --domains="" --path="/opt/bitnami/letsencr
ypt" run

It produced this output: 2021/02/13 10:01:28 [INFO] [,] acme: Obtaining bundled SAN cert
2021/02/13 10:01:28 [INFO] [] AuthURL:
2021/02/13 10:01:28 [INFO] [] AuthURL:
2021/02/13 10:01:28 [INFO] [] acme: authorization already valid; skipping chall
2021/02/13 10:01:28 [INFO] [] acme: use tls-alpn-01 solver
2021/02/13 10:01:28 [INFO] [] acme: Trying to solve TLS-ALPN-01
2021/02/13 10:01:35 [INFO] Skipping deactivating of valid auth: https://acme-v02.api.letse
2021/02/13 10:01:35 [INFO] Deactivating auth:
2021/02/13 10:01:35 [INFO] Unable to deactivate the authorization: https://acme-v02.api.le
2021/02/13 10:01:35 Could not obtain certificates:
error: one or more domains had a problem:
[] acme: error: 400 :: urn:ietf:params:acme:error:dns :: DNS problem: NXDOM
AIN looking up A for - check that a DNS record exists for this domain

My web server is (include version):Debian 4.19.160-2 (2020-11-28) x86_64

The operating system my web server runs on is (include version):Linux

My hosting provider, if applicable, is:Amazon Lightsail ( Bitnami )

I can login to a root shell on my machine (yes or no, or I don't know):Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):No.

1 Like

There's no DNS record for your www subdomain.

You'll want to login to your AWS control panel and create a CNAME record from to

You can do this either in the Lightsail or Route53 interface, depending how you setup your domain.


I created a cname record, but this time the browser gives a warning.

1 Like

There already is a CNAME according to my digs? At least, there was at 2021-02-13 10:21:21 UTC when I checked the hostname/domain out.


It was created after my post. I think OP managed to create the certificate after creating the CNAME.

I think @kadirphp now needs to continue onto "Step 3" of the Bitnami SSL instructions, to configure their webserver with the certificate they created: Generate and Install a Let's Encrypt SSL Certificate for a Bitnami Application


Hm, pretty much close timing then, see my edit above :stuck_out_tongue: As far as I know, there wasn't any reply yet when I looked at the hostname, but I didn't find anything strange, so didn't have anything to post at that time. Perhaps Discourse didn't update the thread around that time properly, I dunno.


Perhaps! According to the timestamps, there was a 4 minute window between me posting and you checking. At least, the error from the ACME server supports that theory :stuck_out_tongue: .


@_az @Osiris Thank you for your comments. I solved the problem.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.