Let's Encrypt™ SSL - Check DNS record exists

Help
1

My domain is: http://jamiekent.me

I ran this command: tried to activate SSL through lets encrypt SSL on cPanel

It produced this output: There was a problem processing your request Error issuing certificate Failed to issue certificate Updating challenge for www.jamiekent.me: acme: error code 400 "urn:ietf:params:acme:error:dns": DNS problem: NXDOMAIN looking up A for www.jamiekent.me - check that a DNS record exists for this domain

My web server is (include version):

The operating system my web server runs on is (include version): litespeed

My hosting provider, if applicable, is: Veero Tech

I can login to a root shell on my machine (yes or no, or I don't know): no

Control Panel: cPanel

2

Hi @JamieK

see your check, ~~30 minutes old - https://check-your-website.server-daten.de/?q=jamiekent.me

Host Type IP-Address is auth. ∑ Queries ∑ Timeout
jamiekent.me A 192.138.189.25 Cary/North Carolina/United States (US) - NetActuate, Inc Hostname: rssd7954.webaccountserver.com yes 1 0
AAAA yes
www.jamiekent.me Name Error yes 1 0

Your www version doesn't have an A- or AAAA-record.

So you can't create a certificate with the www subdomain.

Update your dns, so a www-A entry exists. Or uncheck the www-certificate option.

3

hi @JuergenAuer,

Thank you for the reply :slight_smile:
Would it possible to go into anymore detail, I am new to web dev.

Weirdly my current domain when viewed from the DNS Zone editor it has the same records currently set up as my other domain that obtained an SSL first time (southcoastpresa.co.uk)

I have tried adding an A record for www.jamiekent.me through the zone editor but it says there is already a CNAME for www.jamiekent.me and there cannot be both. Here is a screenshot of my zone editor screen

zone editor
zone editor1459×1230 111 KB

Thanks Jamie

4

That's

the wrong DNS Zone editor, that's only a local visible cPanel thing.

Use the DNS Zone editor of your domain registrar.

dns1.registrar-servers.com is one of your name servers.

There is nothing - and that's the relevant menu.

5

So I timed myself trying to generate new certificates as I wasn't using the dry run function which I'm now using ;(

I've since watched some content on DNS but it's still failing so I'm clearly useless and still doing something wrong.

This is my current setup:

name cheap dns settings
name cheap dns settings1140×339 6.61 KB

6

There was a problem processing you request
There was a problem processing you request1444×218 21.7 KB

7

Your DNS is seriously broken now: it's DNSSEC is completely gone, while the .me DNS servers are still providing a DS record. Please see: jamiekent.me | DNSViz

Did you perhaps remove some essential resource records such as DNSKEY entries from your DNS zone?

8

There was no records previosuly, I only added records

9

Well, in any case, you need to fix (preferably) or remove DNSSEC entirely (i.e., remove the DS record from the parent zone .me through your registar).

10

Thank you JuergenAuer and Osiris for your help. I have now solved the issues and they have deleted the DS record that was on there. Atleast I have correctly learnt how to set up DNS settings, however I'm not sure what namecheap actually played around with on my account to even cause the DS issue in the first place ahah :slight_smile:

11

Of course properly working DNSSEC would even be better, but at least your DNS is working now again. :slight_smile:

12

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.