Help with DNS configuration

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
lern2code.com

I ran this command:
sudo certbot -v --apache

It produced this output:

[Additional output omitted]

Domain: lern2code.com
Type: dns
Detail: DNS problem: query timed out looking up A for lern2code.com; DNS problem: query timed out looking up AAAA for lern2code.com

---- I am hosting my own DNS server and it looks like it isn't right. Any help is appreciated.

My web server is (include version):
Server version: Apache/2.4.52 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 22.04.3 LTS

My hosting provider, if applicable, is:
Self hosted

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 2.8.0

Hello @Torp, welcome to the Let's Encrypt community. :slightly_smiling_face:

Your DNS system seems poor.


https://unboundtest.com/m/CAA/lern2code.com/6MJDZ4UJ (the tail end):

Jan 12 00:23:12 unbound1.19[321343:0] debug: EDNS lookup known=0 vs=0
Jan 12 00:23:12 unbound1.19[321343:0] debug: serviced query UDP timeout=6016 msec
Jan 12 00:23:12 unbound1.19[321343:0] debug: inserted new pending reply id=5f45
Jan 12 00:23:12 unbound1.19[321343:0] debug: opened UDP if=0 port=41465
Jan 12 00:23:12 unbound1.19[321343:0] debug: comm point start listening 9 (-1 msec)


Error running query: read udp 127.0.0.1:43255->127.0.0.1:1053: i/o timeout

And using the online tool Let's Debug yields these results
https://letsdebug.net/lern2code.com/1767053 with 2 ERRORs

And network errors here: Hardenize Report: lern2code.com
It is showing DNS Zone errors that the Name Servers are not Operational.

1 Like

You also have an infinite redirect loop here:

$ curl -k -Ii https://lern2code.com/.well-known/acme-challenge/sometestfile
HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Jan 2024 00:31:07 GMT
Server: Apache/2.4.52 (Ubuntu)
Location: https://lern2code.com/.well-known/acme-challenge/sometestfile
Content-Type: text/html; charset=iso-8859-1
1 Like

If you are looking for reasons why your DNS is wrong look here

https://dnsviz.net/d/lern2code.com/dnssec/

The Warnings are a likely reason for the Errors shown and the earlier query timeouts. Fixing those is a great start at least.

3 Likes

Thanks for your help. I found and fixed the problem.

The problem was that years-old DNS addresses for my name servers were configured at my taurus.com domain registrar (network solutions.com). I updated the addresses and that appears to have fixed everything.

4 Likes

Hi @Torp,

Just so you know, the issued certificate that is being served (crt.sh | 11786813177) does not have www.lern2code.com in the SANs. So lern2code.com is covered by the issued certificate, but www.lern2code.com is NOT covered.

covered - https://decoder.link/sslchecker/lern2code.com/443

NOT covered - https://decoder.link/sslchecker/www.lern2code.com/443

And www.lern2code.com is a CNAME to lern2code.com

1 Like

Hi Bruce,

I noticed this problem yesterday, but I don’t know what to do about it. I do want a certificate for www.lern2code.com. Any pointers you can give would be appreciated.

Thanks,

Torp

2 Likes

You first need to have the www subdomain in your Apache VirtualHost. I assume it is not there because otherwise your certbot command would have included it.

Use the Apache ServerAlias statement to include the www subdomain in your VirtualHost for port 80 and port 443. Then, this command should add it to your cert:

sudo certbot --apache --cert-name lern2code.com -d lern2code.com -d www.lern2code.com

If you need help with that, please start by showing the output of these commands:

sudo apache2ctl -t -D DUMP_VHOSTS
sudo certbot certificates
3 Likes
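An added example (not from this thread, Certbot or the Apache project) of what the VirtualHost pair described above looks like, with the www alias on both ports and the HTTP-01 challenge path kept out of the HTTPS redirect. The DocumentRoot is an assumption; the certificate paths are certbot's default layout for a certificate named lern2code.com.

```apache
# Added example: both names on port 80 and port 443, so that
# "certbot --apache -d lern2code.com -d www.lern2code.com" finds the www
# alias and the ACME validation request is never caught in a redirect.
# Assumption: DocumentRoot /var/www/lern2code.

<VirtualHost *:80>
    ServerName lern2code.com
    ServerAlias www.lern2code.com
    DocumentRoot /var/www/lern2code

    # Redirect everything to HTTPS except challenge files, which must stay
    # reachable over plain HTTP for HTTP-01 validation.
    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>

<VirtualHost *:443>
    ServerName lern2code.com
    ServerAlias www.lern2code.com
    DocumentRoot /var/www/lern2code

    SSLEngine on
    # Default paths certbot writes for a certificate named lern2code.com;
    # after the -d www.lern2code.com run the same files cover both names.
    SSLCertificateFile    /etc/letsencrypt/live/lern2code.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/lern2code.com/privkey.pem

    # No Redirect or RewriteRule to https:// in this vhost: a redirect to
    # the same scheme and host is what produces the 301 loop shown earlier.
</VirtualHost>
```

After editing, `sudo apache2ctl -t -D DUMP_VHOSTS` should list both names for each port before certbot is re-run.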

Hi Mike,

I finally got to this and got it working.

Thanks for your help.

Torp

4 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.