I Add DNS in ISPConfig but SSL not generate and throw error

GLinBoy 2017-07-16 06:46:48 UTC #1

Hello
I add this record to DNS of my domain:
Active Type Name Data Priority TTL
Yes A api.glinboy.com myServerIP 0 3600
Yes A apps.glinboy.com myServerIP 0 3600
and this for glinboy.ir:
Active Type Name Data Priority TTL
Yes A api.glinboy.ir myServerIP 0 3600
Yes A apps.glinboy.ir myServerIP 0 3600

but after run command
sudo ./certbot-auto certonly -w /var/www/glinboy.com/ssl -d glinboy.com -d glinboy.ir -d apps.glinboy.com -d apps.glinboy.ir -d api.glinboy.com -d api.glinboy.ir
I got error that DNS,

This is Error:
Failed authorization procedure. apps.glinboy.ir (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up A for apps.glinboy.ir, api.glinboy.ir (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up A for api.glinboy.ir, apps.glinboy.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up A for apps.glinboy.com, api.glinboy.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up A for api.glinboy.com

IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: apps.glinboy.ir
Type: connection
Detail: DNS problem: NXDOMAIN looking up A for apps.glinboy.ir

Domain: api.glinboy.ir
Type: connection
Detail: DNS problem: NXDOMAIN looking up A for api.glinboy.ir

Domain: apps.glinboy.com
Type: connection
Detail: DNS problem: NXDOMAIN looking up A for apps.glinboy.com

Domain: api.glinboy.com
Type: connection
Detail: DNS problem: NXDOMAIN looking up A for api.glinboy.com

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.

Note: At past i have similar problem with DNS record that can't found any solution; I try to add a CNAME DNS record for Openshift application to handle my subdomain to app but this never work!!! (this tutorial: blog.openshift.com/domain-names-and-ssl-in-the-openshift-web-console/)
I think my DNS server has error but i can't found this

Info:

I Installed Ispconfig 3.1.5 on Ubuntu 16.04
Can I generate SSL cert for this domains and sub-domains on another way?

GLinBoy 2017-07-16 09:19:30 UTC #2

finally i found a trick!!!!
add each sub domains as a DSN Zone and then generate SSL Certificate!

schoen 2017-07-16 19:42:19 UTC #3

Hi @GLinBoy,

CNAMEs would be OK in this case from the certificate authority's point of view, so probably the method that you were using to create CNAMEs failed to add them successfully. I'm glad you got your certificate working eventually.