I have a domain and I’m trying to get a LetsEncrypt certificate.
Every time I try certbot I get "Incorrect validation certificate for tls-sni-01 challenge".
Which file should I upload to my domain to verify it’s mine?
Sorry, but I’m new to this.
Please fill out the fields below so we can help you better.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Hi @syriandeveloper,
We do need the answers to those questions that @rg305 posted.
The challenge method that involves uploading a file is HTTP-01. The TLS-SNI-01 challenge method instead uses a custom self-signed certificate on your site. This is normally done by a Let’s Encrypt client editing your web server configuration automatically. There are many reasons that this can fail, but none of them would be fixed by uploading a file to your site.
Thanks for the reply
My domain is: syrianboard.com
I have root access
Issued command : sudo certbot certonly --standalone -d syrianboard.com -d server1.syrianboard.com
My webserver is : Glassfish
OS: Ubuntu 16
output:
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for syrianboard.com
tls-sni-01 challenge for server1.syrianboard.com
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. server1.syrianboard.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: SERVFAIL looking up A for server1.syrianboard.com, syrianboard.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: SERVFAIL looking up A for syrianboard.com
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: server1.syrianboard.com
Type: connection
Detail: DNS problem: SERVFAIL looking up A for
server1.syrianboard.com
Domain: syrianboard.com
Type: connection
Detail: DNS problem: SERVFAIL looking up A for syrianboard.com
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
That's a different error message from before.
At the moment, your domain's DNS servers appear to be rejecting all queries for your domain (and at least one other domain). Let's Encrypt can't access your site, and neither can anyone else.
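The certbot output posted above can be triaged mechanically. This is an added example, not code from Certbot or from anyone in this thread: it splits the `Failed authorization procedure` line into per-domain entries and separates DNS resolution failures from challenge failures. The function name `triage` and both regular expressions are assumptions based only on the message format shown in the thread.

```python
import re

# Constructed sample: the "Failed authorization procedure" line from the
# certbot output posted in this thread, split across literals for readability.
SAMPLE = (
    "Failed authorization procedure. server1.syrianboard.com (tls-sni-01): "
    "urn:acme:error:connection :: The server could not connect to the client "
    "to verify the domain :: DNS problem: SERVFAIL looking up A for "
    "server1.syrianboard.com, syrianboard.com (tls-sni-01): "
    "urn:acme:error:connection :: The server could not connect to the client "
    "to verify the domain :: DNS problem: SERVFAIL looking up A for "
    "syrianboard.com"
)

# Assumed entry format: "<domain> (<challenge>): <urn> :: <summary> :: <detail>"
ENTRY = re.compile(
    r"(?P<domain>[\w.-]+) \((?P<challenge>[\w-]+)\): "
    r"(?P<urn>urn:acme:error:\w+) :: (?P<summary>.*?) :: "
    r"(?P<detail>.*?)(?=, [\w.-]+ \([\w-]+\): |$)"
)
DNS = re.compile(r"DNS problem: (?P<rcode>\w+) looking up (?P<rtype>\w+) for")


def triage(output):
    """Return one dict per failed domain, naming the layer that needs fixing."""
    results = []
    for m in ENTRY.finditer(output):
        dns = DNS.search(m["detail"])
        if dns:
            layer = "dns"
            advice = ("Resolution failed (%s for %s record); fix the domain's "
                      "nameservers before retrying any challenge type."
                      % (dns["rcode"], dns["rtype"]))
        else:
            layer = "challenge"
            advice = ("Name resolved; the problem is in reaching or answering "
                      "the %s challenge on this host." % m["challenge"])
        results.append({"domain": m["domain"], "challenge": m["challenge"],
                        "urn": m["urn"], "layer": layer, "advice": advice})
    return results


if __name__ == "__main__":
    for r in triage(SAMPLE):
        print("%(domain)s [%(challenge)s] %(layer)s: %(advice)s" % r)
```

A `dns` result means no challenge method can succeed yet, which is why switching from TLS-SNI-01 to HTTP-01 would not help with this output.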
But why?
Do I have to talk to the hosting to solve this problem?
I talked to the hosting admin and they told me that maybe, as this domain is new, you have to wait a day or two to get the domain ready.
It’s something to link the IP to the domain name.
Due to caching, it can take time for DNS changes to take effect, but that doesn't seem to be the problem here.
These are the current nameservers for the domain:
;; AUTHORITY SECTION:
syrianboard.com. 172800 IN NS ns1.boulevardme.com.
syrianboard.com. 172800 IN NS ns2.boulevardme.com.
;; ADDITIONAL SECTION:
ns1.boulevardme.com. 172800 IN A 37.61.237.45
ns2.boulevardme.com. 172800 IN A 37.61.237.46
They don't work. That's not old cached information -- it's right now.
Only the people who run those 2 nameservers can say why they don't work now, and when they will start to work.
I sent them your comment, but they said their nameservers are working; they have many websites and all of them are working perfectly.
I will wait for tomorrow, try again, and post the result here.
Have they tried to visit your website? Or their own?
Edit:
By “their own” domain, I meant boulevardme.com. That might not be their domain, though?
I believe so. I’m still waiting for the support team. They promised to solve the DNS problem.