I am not able to create a certificate for my domain

My domain is: ruyfam.tplinkdns.com

I ran this command: certbot --apache

It produced this output: Failed authorization procedure. ruyfam.tplinkdns.com (http-01): urn:ietf:params:acme:error:dns :: DNS problem: query timed out looking up A for ruyfam.tplinkdns.com

My web server is (include version): apache 2

The operating system my web server runs on is (include version): Raspbian buster

My hosting provider, if applicable, is: local

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

I am trying to set up a Nextcloud server. I’ve been trying to get an SSL certificate for a couple of days but I can’t manage to get this to work. I have looked at other help articles on here but really can’t figure it out. My port 80 is open and forwarded, and to work around this problem I have created a self-signed certificate, but it comes with certain inconveniences I would like to get rid of.

1 Like

Hi @thebot002

looks like you can’t create certificates, because the name servers you use are buggy - see https://check-your-website.server-daten.de/?q=ruyfam.tplinkdns.com

No TCP-support.

And really critical:

X Fatal error: Nameserver doesn’t support echo capitalization. That’s critical if you want to create Letsencrypt certificates. Read https://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00 (2008). If a dns client asks “ExAmPlE.cOm”, the name server must answer with the same name, not with “example.com”. Creating Letsencrypt certificates isn’t possible. Your name server provider must update the software.: ns1.tplinkdns.com / 52.204.177.89

Same with your second name server.

Yep - rechecked with Unboundtest, Letsencrypt uses an Unbound instance with the same configuration - https://unboundtest.com/m/A/ruyfam.tplinkdns.com/KZLR2Q4U

Error running query: read udp 127.0.0.1:46162->127.0.0.1:1053: i/o timeout

No result, too many errors --> you can’t create Letsencrypt certificates if you use this service.

3 Likes
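The echo-capitalization check described in the answer above, as an added example that is not part of the original thread: it builds a mixed-case (0x20) DNS query and compares the question name a response carries against the one sent, byte for byte. The function names and the two sample responses are constructed for illustration; nothing is sent over the network.

```python
import random
import struct

def randomize_case(name, rng):
    """0x20 mixing: pick upper or lower case at random for every letter."""
    return "".join(c.upper() if rng.random() < 0.5 else c.lower() for c in name)

def encode_qname(name):
    """Encode a dotted name as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qid, qtype=1):
    """12-byte header (RD set, one question) followed by QNAME, QTYPE, QCLASS=IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", qtype, 1)

def question_name(msg):
    """Read the first question name, preserving the case found on the wire."""
    pos, labels = 12, []
    while msg[pos] != 0:
        if msg[pos] & 0xC0:
            raise ValueError("unexpected compression pointer in question")
        n = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return ".".join(labels)

def check_echo(query, response):
    """Classify a response against the query it claims to answer."""
    if len(response) < 12 or response[:2] != query[:2]:
        return "id-mismatch"
    sent, got = question_name(query), question_name(response)
    if sent == got:
        return "ok"
    # Same name but different case: the server rewrote the question.
    return "case-not-echoed" if sent.lower() == got.lower() else "name-mismatch"

# Constructed sample data (no real server involved).
MIXED = "ExAmPlE.cOm"
QUERY = build_query(MIXED, 0x1A2B)
RESP_FLAGS = struct.pack("!H", 0x8180)  # QR=1, RD=1, RA=1, NOERROR
GOOD_RESPONSE = QUERY[:2] + RESP_FLAGS + QUERY[4:]
BAD_RESPONSE = (QUERY[:2] + RESP_FLAGS + QUERY[4:12]
                + encode_qname(MIXED.lower()) + QUERY[-4:])
```

A name server that answers like `BAD_RESPONSE` is the failure reported for ns1.tplinkdns.com above.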

First, thank you for the very quick answer!
So if I understand correctly the problem is with tplinkdns.com?
So I should use some other domain name provider such as no-ip?

1 Like

@thebot002

Have a look at this…

Rip

3 Likes

Yes, you can’t fix it.

3 Likes