Failed to authenticate domain, no valid A record found

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

ziitronemedia.ca -- registered with namecheap

I ran this command:

sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email [myemailaddrs] -d ziitronemedia.ca

It produced this output:

sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email [myemail] -d ziitronemedia.ca
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for ziitronemedia.ca

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: ziitronemedia.ca
Type: dns
Detail: no valid A records found for ziitronemedia.ca; no valid AAAA records found for ziitronemedia.ca

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

My web server is (include version):

? I am hosting a Jellyfin server on a dedicated machine, latest version 10.8.9.

The operating system my web server runs on is (include version):

Ubuntu server 22.04 LTS

My hosting provider, if applicable, is:

? namecheap is what i use for the domain, that is it?

I can login to a root shell on my machine (yes or no, or I don't know):

yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

no, I dont think so. Only using terminal to control ubuntu server machine

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

certbot 1.21.0

I am a complete noob to networking and am trying to get a valid SSL certificate for https to make my media server more secure and preferable. I've been hopping around guides to get through it, but I am now stuck here. I have an A Record set in namecheap's advanced DNS page, and I tried temporarily port forwarding 443 and 80 to see if that helped, but it still does not verify. I am not sure what I am doing wrong. I haven't set anything up to deal with a Dynamic IP address yet but wanted to get this working first. The command I am running is just right off Jellyfin's website.

Here is a picture from namecheap's site:

image1164×229 8.46 KB

Welcome to the community @Ziitrone

That namecheap DNS screen looks OK and I can reach that IP directly so that is good too.

It's been a long time since I've used namecheap. But, is there another place where you need to enable Advanced DNS? I sort of remember having both basic and advanced options selected in each domain section.

Not exactly sure, as I am just using the basic DNS they provide for free with domains. I will look around and see if I can find some settings related to it.

So, I found this setting menu, where I can select the nameserver, but I am not sure if what it is set at is fine or I need to set something custom up.

image1164×229 13.9 KB

That and the only other option I can find that seems related is to enable DNSSEC.

Hmm. I'm not sure why the A record does not yet show up in the public DNS.

The Custom DNS should not be necessary. DNSSEC is optional and probably best not to enable it until it starts working without it.

Did you buy this name very recently - like in just past hour or so?

No, I bought it the other day, however I have been fiddling with the A record and that was recently added, so maybe I need to wait a bit for that?

Oh, I see the problem.

The HOST should be @

The host name gets prefixed to the actual apex name (the name you bought). So, you have a valid A record for this:

dig +noall +answer A ziitronemedia.ca.ziitronemedia.ca
ziitronemedia.ca.ziitronemedia.ca. 209 IN A     137.186.164.186

Awesome, it worked! Certificate was successfully received and deployed. Thank you for all the help and the insanely speedy replies.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.