Let's Encrypt™ SSL - Check DNS record exists

My domain is: http://jamiekent.me

I ran this command: tried to activate SSL through lets encrypt SSL on cPanel

It produced this output: There was a problem processing your request Error issuing certificate Failed to issue certificate Updating challenge for www.jamiekent.me: acme: error code 400 "urn:ietf:params:acme:error:dns": DNS problem: NXDOMAIN looking up A for www.jamiekent.me - check that a DNS record exists for this domain

My web server is (include version):

The operating system my web server runs on is (include version): litespeed

My hosting provider, if applicable, is: Veero Tech

I can login to a root shell on my machine (yes or no, or I don't know): no

Control Panel: cPanel

Hi @JamieK

see your check, ~~30 minutes old - https://check-your-website.server-daten.de/?q=jamiekent.me

Host Type IP-Address is auth. ∑ Queries ∑ Timeout
jamiekent.me A Cary/North Carolina/United States (US) - NetActuate, Inc Hostname: rssd7954.webaccountserver.com yes 1 0
AAAA yes
www.jamiekent.me Name Error yes 1 0

Your www version doesn't have an A- or AAAA-record.

So you can't create a certificate with the www subdomain.

Update your dns, so a www-A entry exists. Or uncheck the www-certificate option.

hi @JuergenAuer,

Thank you for the reply :slight_smile:
Would it possible to go into anymore detail, I am new to web dev.

Weirdly my current domain when viewed from the DNS Zone editor it has the same records currently set up as my other domain that obtained an SSL first time (southcoastpresa.co.uk)

I have tried adding an A record for www.jamiekent.me through the zone editor but it says there is already a CNAME for www.jamiekent.me and there cannot be both. Here is a screenshot of my zone editor screen

Thanks Jamie


the wrong DNS Zone editor, that's only a local visible cPanel thing.

Use the DNS Zone editor of your domain registrar.

dns1.registrar-servers.com is one of your name servers.

There is nothing - and that's the relevant menu.

So I timed myself trying to generate new certificates as I wasn't using the dry run function which I'm now using ;(

I've since watched some content on DNS but it's still failing so I'm clearly useless and still doing something wrong.

This is my current setup:

Your DNS is seriously broken now: it's DNSSEC is completely gone, while the .me DNS servers are still providing a DS record. Please see: jamiekent.me | DNSViz

Did you perhaps remove some essential resource records such as DNSKEY entries from your DNS zone?

There was no records previosuly, I only added records

Well, in any case, you need to fix (preferably) or remove DNSSEC entirely (i.e., remove the DS record from the parent zone .me through your registar).

Thank you JuergenAuer and Osiris for your help. I have now solved the issues and they have deleted the DS record that was on there. Atleast I have correctly learnt how to set up DNS settings, however I'm not sure what namecheap actually played around with on my account to even cause the DS issue in the first place ahah :slight_smile:

Of course properly working DNSSEC would even be better, but at least your DNS is working now again. :slight_smile:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.