How can I verify my domain?


#1

I have a domain and I’m trying to get LetsEncrypt certificate
Everytime I try the certbot I got Incorrect validation certificate for tls-sni-01 challenge.
Which file should I upload to my domain to verify it’s mine ?

Sorry but I’m new to this


Error: Could not issue a Let's Encrypt SSL/TLS certificate for foo.es. Authorization for the domain failed
#2

Please fill out the fields below so we can help you better.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


#3

Hi @syriandeveloper,

We do need the answers to those questions that @rg305 posted.

The challenge method that involves uploading a file is HTTP-01. The TLS-SNI-01 challenge method instead uses a custom self-signed certificate on your site. This is normally done by a Let’s Encrypt client editing your web server configuration automatically. There are many reasons that this can fail, but none of them would be fixed by uploading a file to your site. :slight_smile:


#4

Thanks for reply
My domain is: syrianboard.com
I have root access

Issued command : sudo certbot certonly --standalone -d syrianboard.com -d server1.syrianboard.com
My webserver is : Glassfish
OS: Ubuntu 16

output:
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for syrianboard.com
tls-sni-01 challenge for server1.syrianboard.com
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. server1.syrianboard.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: SERVFAIL looking up A for server1.syrianboard.com, syrianboard.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: SERVFAIL looking up A for syrianboard.com

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: server1.syrianboard.com
    Type: connection
    Detail: DNS problem: SERVFAIL looking up A for
    server1.syrianboard.com

    Domain: syrianboard.com
    Type: connection
    Detail: DNS problem: SERVFAIL looking up A for syrianboard.com

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.


#5

That’s a different error message from before.

At the moment, your domain’s DNS servers appear to rejecting all queries for your domain (and at least one other domain). Let’s Encrypt can’t access your site, and neither can anyone else.

http://dnsviz.net/d/syrianboard.com/WbPuvA/dnssec/


#6

But why ?
Do I have to talk to the hosting to solve this problem ?


#7

I talked to the hosting admin and they told me maybe as this domain is new you have to wait day or two to get the domain ready
It’s something to link the ip to the domain name


#8

Due to caching, it can take time for DNS changes to take effect, but that doesn’t seem to be the problem here.

These are the current nameservers for the domain:

;; AUTHORITY SECTION:
syrianboard.com.        172800  IN      NS      ns1.boulevardme.com.
syrianboard.com.        172800  IN      NS      ns2.boulevardme.com.

;; ADDITIONAL SECTION:
ns1.boulevardme.com.    172800  IN      A       37.61.237.45
ns2.boulevardme.com.    172800  IN      A       37.61.237.46

They don’t work. That’s not old cached information – it’s right now.

Only the people who run those 2 nameservers can say why they don’t work now, and when they will start to work.


#9

I sent them your comment but they said their nameservers are working they have many websites and all of them are working perfectly

I will wait for tomorrow and try again and will post the result here


#10

Have they tried to visit your website? Or their own?

Edit:

By “their own” domain, i meant boulevardme.com. That might not be their domain, though?


#11

I believe so. I’m still waiting the support team. they promised to solve the DNS problem


#12

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.