I need help PLS help me

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: nunu.kr

I ran this command: sudo /opt/bitnami/bncert-tool

It produced this output: Warning: The domain 'www.nunu.kr' does not resolve,
please fix its DNS entries or remove it.

My web server is (include version): Amazon Lightsail

The operating system my web server runs on is (include version): linux

My hosting provider, if applicable, is: amazon

I can login to a root shell on my machine (yes or no, or I don't know): yes, only SSH

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): I don't know because it doesn't work.

"I installed the certificate and then the DNS was changed. Since then, the certificate is not working, and it is prompting me to modify the DNS. What should I do?"

When using an HTTP Challenge to get a cert you must have an A and/or AAAA record in your DNS. You have an A record for nunu.kr but not for www.nunu.kr.

6 Likes

You've already gotten a certificate issued for nunu.kr as well as www.nunu.kr 2 weeks ago: crt.sh | 9825430544

What happened to that certificate, why can't you use that one and what changed in your (DNS) setup?

2 Likes

I just added it. Thank you.

1 Like

I don't have the key for this certificate. You can only check it using an SSH account. The reason I can't use this certificate is that I deleted the existing server and created a new one, which resulted in this problem. The new server has been assigned a new DNS. If it's possible to find the existing key, please let me know. It would be preferable to delete the existing SSL and issue a new one.
The current issue is simply that the DNS has been changed after setting up the new server. I'm not sure how to change the DNS. I have already added records in the domain.
I'm a beginner, so please understand. Thank you!

1 Like

Hi @sooloveed,

Part of the design of the certificate system is that only the site operator (or the hosting/infrastructure providers of the site operator) ever possess the private key. It's never available to anyone else. That means that if you destroy or delete the only copy of your server, the private key is permanently lost.

This isn't particularly harmful (as long as you don't make a habit of doing it frequently), because you can make a new one (and get a new certificate for it), but you shouldn't expect that anyone can recover the old private key.

Edit: Contrary to some people's misimpression, you don't need to revoke or delete old certificates in order to issue new certificates. They don't contradict each other and can be valid concurrently. Let's Encrypt has issuance rate limits to prevent people from using the service wastefully, but the rate limits are not affected by revocation of old certificates, they just prevent ever creating more than 5 new certificates with identical coverage during the same week (among other limits).

Do you mean that the IP address has been changed? The DNS is the system where the DNS records go (that help people accessing your server learn what the current IP address of the server is).

Currently both nunu.kr and www.nunu.kr have valid DNS records, pointing at the IP address 43.202.103.173. Is that correct? If so, I think you can run your bncert-tool command again and the error that you originally received should no longer occur.

4 Likes
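
The check the replies above describe (every name on the certificate needs an A and/or AAAA record pointing at the server before an HTTP challenge can succeed), as an added example that is not part of the original thread or of bncert-tool. The function names, the status labels and the `example.test` sample data are assumptions made for illustration.

```python
import socket

def resolve(name):
    """Return the set of A/AAAA addresses for `name` (empty set if none)."""
    try:
        infos = socket.getaddrinfo(name, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def preflight(names, server_ip, resolver=resolve):
    """Classify every name that will be on the certificate.

    ok        - resolves only to this server
    no-record - no A/AAAA record (the warning quoted in the first post)
    wrong-ip  - resolves, but not to this server (e.g. the old instance's IP)
    mixed     - resolves to this server and to other addresses as well
    """
    report = {}
    for name in names:
        addrs = resolver(name)
        if not addrs:
            report[name] = "no-record"
        elif server_ip not in addrs:
            report[name] = "wrong-ip"
        elif addrs != {server_ip}:
            report[name] = "mixed"
        else:
            report[name] = "ok"
    return report

def ready(report):
    """Only request a certificate when every name is 'ok'."""
    return all(status == "ok" for status in report.values())

# Constructed sample data (documentation address ranges), used instead of live DNS.
SAMPLE_DNS = {
    "example.test": {"192.0.2.10"},
    "www.example.test": set(),
    "old.example.test": {"198.51.100.7"},
    "dual.example.test": {"192.0.2.10", "2001:db8::1"},
}

if __name__ == "__main__":
    result = preflight(SAMPLE_DNS, "192.0.2.10", resolver=lambda n: SAMPLE_DNS.get(n, set()))
    for name, status in result.items():
        print(f"{name:20} {status}")
    print("ready:", ready(result))
```

Calling `preflight(["nunu.kr", "www.nunu.kr"], "<server public IP>")` without the `resolver` argument performs live lookups through the system resolver.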

Currently nunu.kr's nameserver is set to AWS name servers, so I guess it is using Route53. Access your AWS account and change it from there to the right IP.

3 Likes

I think he made a new Lightsail and got a new IP, and that someone else got the old IP from the pool.

4 Likes

Lightsail has its own DNS panel that might be used. The NS servers are still Route53 but you change it in Lightsail.
https://lightsail.aws.amazon.com/ls/docs/en_us/articles/lightsail-how-to-create-dns-entry

6 Likes

Thank you all. Processed with this command. You were able to issue a new certificate.
sudo /opt/bitnami/bncert-tool --perform_public_ip_validation 0 --perform_dns_validation 0

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.