Help, I have to do certificates and idk anything about it

My domain

I ran this command: certbot certonly -d * --csr adminmanagement.req option 1

It produced this output: Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for - check that a DNS record exists for this domain

My web server is (include version): IIS I think

The operating system my web server runs on is (include version): Windows server 2016

I can login to a root shell on my machine (yes or no, or I don't know): No

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.7.4

The error means exactly what it says: there are no DNS records for that domain. You'll need to create them.


Hi @Bryan-Self, and welcome to the LE community forum

Wildcard certificates require DNS-01 authentication.
The error shows that you are running certbot in standalone mode.
[which implies HTTP-01 authentication]


These things conflict with each other:

The csr would already have the requested name(s).
Making the -d obsolete.


I don't have access to the server; my boss is the one that creates the records in DNS. What should I say to him?

How do I do the dns-01 certification? Is it with preferred challenges dns-01?

How would we know?

That he needs to create valid DNS records for

But you're starting in the middle of the story, and really none of this makes sense. For a few examples:

  • You're trying to use certbot on Windows, which is poorly-supported at best, and is about to become completely unsupported.
  • You're trying to use certbot with an existing CSR (certificate signing request). This isn't the way certbot is really intended to be used, and it's highly likely to cause unintended results. Such as...
  • You're asking for a wildcard cert on the command line, but the CSR is for The -d flag on the command line is ignored in this case
  • (You think) you're asking for a wildcard cert, but trying to use HTTP validation, which won't work--you need DNS validation for a wildcard cert.

So why not start at the beginning: what, exactly, are you trying to accomplish? And what suggested that the command you tried was the way to do it?


I told him idk anything about certificates and he then replied, "then learn". He told me to create the CSR for the DNS using azureReadinessChecker (it gave me 12 .req files and 12 .inf files), then use letsencrypt to generate the certificates, pass them through azurereadinesschecker and then, after all the tests have passed, send them to him. I'm already 3 weeks stuck and I can't do anything.

Well, we here on this community also don't know better than you do what your boss is trying to tell you to do. Usually getting and using certificates is either integrated directly into your hosting provider, or if you are administrating your own servers (or VMs) then you would be running some software on them that handles requesting and installing the certificates automatically.

The most-common method of validation is HTTP-01, which is generally easiest, but only works if the domain name is publicly accessible on the Internet. The second most-common is DNS-01, which requires the system asking for the certificate to be able to update the DNS records, but is necessary if the web server isn't publicly accessible, or if you need a "wildcard" certificate that handles all subdomains at once (which most people don't need).

Hopefully that information helps you figure out what it is that you need to be doing.
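
As an added example (not part of any post in this thread): a shell example that lists the names a CSR actually requests, since with `--csr` those names, not `-d`, are what gets validated, and shows which challenge type each name needs. The `example.com` CSR is constructed sample input and the function names are hypothetical; it assumes OpenSSL 1.1.1+ and that the CSR carries its names in subjectAltName.

```shell
#!/usr/bin/env bash
# Added example: inspect a CSR before handing it to an ACME client.
# Assumption: the names are in the subjectAltName extension (a CN-only CSR
# would print nothing here). Requires OpenSSL 1.1.1+ for -addext.

# Print every DNS name requested in the CSR, one per line.
csr_names() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        grep -o 'DNS:[^,[:space:]]*' | cut -d: -f2
}

# For each name print: name, usable challenge type(s), and the TXT record
# name that DNS-01 validation would look up.
csr_challenge_plan() {
    csr_names "$1" | while IFS= read -r name; do
        base=${name#\*.}    # strip a leading "*." if present
        if [ "$name" != "$base" ]; then
            # Wildcard names can only be validated with DNS-01.
            echo "$name dns-01-only _acme-challenge.$base"
        else
            echo "$name http-01-or-dns-01 _acme-challenge.$base"
        fi
    done
}

# Build a constructed sample CSR (example.com is a placeholder domain).
make_sample_csr() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -subj "/CN=example.com" \
        -addext "subjectAltName=DNS:*.example.com,DNS:example.com" 2>/dev/null
}

# Demo run on the constructed CSR.
demo_dir=$(mktemp -d)
make_sample_csr "$demo_dir/sample.req"
csr_challenge_plan "$demo_dir/sample.req"
rm -rf "$demo_dir"
```

Any name reported as `dns-01-only` means the person who controls the DNS zone has to create the listed TXT record during issuance; standalone (HTTP-01) mode cannot validate it.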

