Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: nunu.kr
I ran this command: sudo /opt/bitnami/bncert-tool
It produced this output: Warning: The domain 'www.nunu.kr' does not resolve,
please fix its DNS entries or remove it.
My web server is (include version):Amazon Light Sail
The operating system my web server runs on is (include version): linux
My hosting provider, if applicable, is: amazon
I can login to a root shell on my machine (yes or no, or I don't know):yes only ssh
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): i dont know because dosen't work.
"I installed the certificate and then the DNS was changed. Since then, the certificate is not working, and it is prompting me to modify the DNS. What should I do?"
I don't have the key for this certificate. You can only check it using an SSH account. The reason I can't use this certificate is that I deleted the existing server and created a new one, which resulted in this problem. The new server has been assigned a new DNS. If it's possible to find the existing key, please let me know. It would be preferable to delete the existing SSL and issue a new one.
The current issue is simply that the DNS has been changed after setting up the new server. I'm not sure how to change the DNS. I have already added records in the domain.
I'm a beginner, so please understand thank you!
Part of the design of the certificate system is that only the site operator (or the hosting/infrastructure providers of the site operator) ever possess the private key. It's never available to anyone else. That means that if you destroy or delete the only copy of your server, the private key is permanently lost.
This isn't particularly harmful (as long as you don't make a habit of doing it frequently), because you can make a new one (and get a new certificate for it), but you shouldn't expect that anyone can recover the old private key.
Edit: Contrary to some people's misimpression, you don't need to revoke or delete old certificates in order to issue new certificates. They don't contradict each other and can be valid concurrently. Let's Encrypt has issuance rate limits to prevent people from using the service wastefully, but the rate limits are not affected by revocation of old certificates, they just prevent ever creating more than 5 new certificates with identical coverage during the same week (among other limits).
Do you mean that the IP address has been changed? The DNS is the system where the DNS records go (that help people accessing your server learn what the current IP address of the server is).
Currently both nunu.kr and www.nunu.kr have valid DNS records, pointing at the IP address 43.202.103.173. Is that correct? If so, I think you can run your bncert-tool command again and the error that you originally received should no longer occur.
Currently nunu.kr 's nameserver is set to aws name servers, so I gues it is using route53, access your aws account and change it from there to right IP
Thank you all. Processed with this command. You were able to issue a new certificate.
sudo /opt/bitnami/bncert-tool --perform_public_ip_validation 0 --perform_dns_validation 0
Thank you all. Processed with this command. You were able to issue a new certificate.
sudo /opt/bitnami/bncert-tool --perform_public_ip_validation 0 --perform_dns_validation 0.
Thank you all. Processed with this command. You were able to issue a new certificate.
sudo /opt/bitnami/bncert-tool --perform_public_ip_validation 0 --perform_dns_validation 0
.