I can't install Let's Encrypt with my subdomain

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: beta-v3.stutor.vn
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for beta-v3.stutor.vn - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for beta-v3.stutor.vn - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.

My domain is: beta-v3.stutor.vn

I ran this command: certbot certonly --nginx --dry-run -d beta-v3.stutor.vn

It produced this output:

My web server is (include version): ubuntu 22.04

The operating system my web server runs on is (include version): My web server is (include version): ubuntu 22.04

My hosting provider, if applicable, is: OVHcloud

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.10.0

The nginx authenticator uses the HTTP Challenge.

For that challenge type, the Let's Encrypt server needs to make an HTTP request to that domain to prove you control it.

You must have an IP for your server in the public DNS so the LE Server can find your server. You need to create an A or AAAA record in your DNS for your public IP address(es). You should follow @osiris's advice in the next post.

2 Likes

Your DNS is incorrectly configured. The .vn nameservers are configured to redirect the requests for your domain to the following nameservers:

stutor.vn.		43200	IN	NS	ns-b1.tenten.vn.
stutor.vn.		43200	IN	NS	ns3.digitalocean.com.
stutor.vn.		43200	IN	NS	ns1.digitalocean.com.
stutor.vn.		43200	IN	NS	ns2.digitalocean.com.
stutor.vn.		43200	IN	NS	ns-b3.tenten.vn.
stutor.vn.		43200	IN	NS	ns-b2.tenten.vn.

So there are 2 different domains configured as authoritative nameservers: three by Digital Ocean and three by "tenten.vn". While the "tenten.vn" nameservers do recognise your domain and also reply with an IP address for beta-v3.stutor.vn, the nameservers from Digital Ocean do not have any A record on file.

In other words: your "tenten.vn" and Digital Ocean nameservers are not in sync.

4 Likes
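An added example (not part of the posts above, and not Certbot or Let's Encrypt code): one way to check the out-of-sync condition described in the post above is to ask every delegated nameserver directly with `dig` and group the servers by the answer they give. The sample dig output, the 203.0.113.10 address, and the NXDOMAIN status shown for the Digital Ocean server are constructed for illustration.

```python
import subprocess
import sys

# Constructed dig output (not captured from the real servers); 203.0.113.10 is a documentation address.
SAMPLE = {
    "ns-b1.tenten.vn": ";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1\n"
                       "beta-v3.stutor.vn.\t300\tIN\tA\t203.0.113.10\n",
    "ns1.digitalocean.com": ";; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2\n",
}

def parse_dig(output, rtype="A"):
    """Return (rcode, sorted rdata tuple) from `dig +noall +comments +answer` text."""
    rcode, answers = "NORESPONSE", []
    for line in output.splitlines():
        if "status:" in line:
            rcode = line.split("status:")[1].split(",")[0].strip()
        elif line.strip() and not line.startswith(";"):
            fields = line.split()  # name, ttl, class, type, rdata
            if len(fields) >= 5 and fields[3] == rtype:
                answers.append(fields[4])
    return rcode, tuple(sorted(answers))

def query_ns(nameserver, name, rtype="A"):
    """Ask one authoritative server directly, bypassing resolver caches."""
    cmd = ["dig", f"@{nameserver}", name, rtype, "+norecurse", "+noall", "+comments", "+answer"]
    return subprocess.run(cmd, capture_output=True, text=True, timeout=20, check=False).stdout

def group_by_answer(raw_by_ns, rtype="A"):
    """Map each distinct (rcode, answers) to the nameservers that returned it."""
    groups = {}
    for ns, raw in raw_by_ns.items():
        groups.setdefault(parse_dig(raw, rtype), []).append(ns)
    return groups

def report(groups):
    """Print one line per distinct answer; return True only if all servers agree."""
    for (rcode, answers), servers in groups.items():
        print(f"{rcode:10} {', '.join(answers) or '-':20} <- {', '.join(sorted(servers))}")
    print("in sync" if len(groups) == 1 else "OUT OF SYNC: validation depends on which server is asked")
    return len(groups) == 1

if __name__ == "__main__":
    if len(sys.argv) > 2:  # live: script.py NAME NS1 NS2 ...
        raw = {ns: query_ns(ns, sys.argv[1]) for ns in sys.argv[2:]}
    else:                  # offline: constructed sample
        raw = SAMPLE
    sys.exit(0 if report(group_by_answer(raw)) else 1)
```

Run it with the hostname followed by every nameserver listed in the delegation; any result other than a single group means the zone has to be fixed, or the delegation trimmed, before retrying the HTTP challenge.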

Here is another way of looking at it :woozy_face:

A records for beta-v3.stutor.vn: Domain does not exist
AAAA records for beta-v3.stutor.vn: Domain does not exist
MX records for beta-v3.stutor.vn: Domain does not exist
NS records for beta-v3.stutor.vn: Domain does not exist
CNAME records for beta-v3.stutor.vn: Domain does not exist
TXT records for beta-v3.stutor.vn: Domain does not exist
SOA records for beta-v3.stutor.vn: No record found
2 Likes