Letsencrypt 1.9.4 DNS Problem NXDOMAIN looking up A

I’m getting the following error:
DNS Problem NXDOMAIN looking up A for domain

I have checked that there are A records present for “www.domain” and “domain”

Do you have any suggestions as to the cause of this error…?

Thanks…

DNS issues are really hard to troubleshoot if you don’t provide your domain name, however my initial guess would be something to do with 0x20 randomization. You can try different rAnDom CaPitAliZatiONs of your domain and make sure they all still return the correct response. This is an issue for some DNS providers, but is a security feature designed to make valid-looking spoofed responses harder to create.

The domain is www.sellerate.co.uk

Thanks

Not sure what you meant about the random capitalisation…

I tried different capitalisations in a browser and they all seemed to browse the site ok… If that is what you meant…?

DNS resolves properly:
nslookup Www.seLlerAte.cO.uk
returns
Name: Www.seLlerAte.cO.uk
Address: 194.145.196.84

any ideas then on what might be the cause of the error:

DNS Problem NXDOMAIN looking up A for domain

Please show more detail on how/where you got that error.

here is a screen grab of the console window containing the process…

thanks…

ok - i noticed that i included an extra “w” in the host name… (wwww.sellerate.co.uk)

i corrected that and am now getting a different error:

Status 403

included is the console window

thanks again

Please place a test text file at: c:\inetpub\wwwroot\sellerate\.well-known\acme-challenge\test.txt
Which should then be accessible via: http://www.sellerate.co.uk/.well-known/acme-challenge/test.txt

yes that works… and i did try this earlier with a test.htm file too

but i still have the same Status 403 error message…

thanks again

I meant I get the same Status 403 error when using the Letsencrypt.exe - not when browsing to the test file which works ok…

Can you see whether the client you’re using really created the verification file in the same place as your test file?

Can you see what happens if you try to access the verification file in a browser at the URL where the client says it should be browseable?

And how about web server logs? Do they show the result of the certificate authority’s attempt to access the verification file?

thanks for the reply…

the “.well-known/acme-challenge” folders are both created each time i run the letsencrypt.exe and the verification file is created inside the acme-challenge folder.

when i try browsing to the verification file i get an Error 404 page in my browser but if i put a test.txt file in the folder, i can browse it with no errors

i turned on Directory Browsing in iis and i can browse both the verification file and the text file. If i click the verification file link i still get the 404 error

here is the link to the directory:
http://www.sellerate.co.uk/.well-known/acme-challenge/

i just tried to run letsencrypt.exe again - i got the same error and here is the entry from the server log:

2017-08-26 20:51:25 194.145.196.84 GET /.well-known/acme-challenge/anAGnbHS6295_2pnMFWISlZ21LP0qD3FLYB2hYrYo-8 - 80 - 66.133.109.36 Mozilla/5.0+(compatible;+Let's+Encrypt+validation+server;++https://www.letsencrypt.org) - 404 17 50 156

hope that all makes sense…

thanks…

Hi @Deeg,

Seems your IIS 10 doesn't know how to serve files without extension; take a look at this post to let IIS know how to serve files without extension in the acme-challenge dir.

This is the info shared by @JSpraul:

JSpraul
Feb '16

I used GitHub - win-acme/win-acme: A simple ACME client for Windows (for use with Let's Encrypt et al.) with the following web.config in the acme-challenge directory to avoid a 404.17 IIS error ('The requested content appears to be script') blocking download of the challenge:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <staticContent>
            <mimeMap fileExtension="." mimeType="text/plain" />
        </staticContent>
    </system.webServer>
</configuration>

Cheers,
sahsanu
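
An added example, not part of any post in this thread: a small triage script that reads IIS W3C log lines and reports failed requests under the ACME challenge path together with the IIS substatus, which is what separates the 404.17 seen here from a plain missing file. The function name, the fallback field order (chosen to match the log line quoted above) and the second and third sample lines are assumptions made for the example.

```python
# Added example: triage IIS W3C log lines for failed ACME HTTP-01 fetches.
ACME_PREFIX = "/.well-known/acme-challenge/"
# Assumed field order, chosen to match the log line quoted in the thread;
# a "#Fields:" directive in the log overrides it.
DEFAULT_FIELDS = ("date time s-ip cs-method cs-uri-stem cs-uri-query s-port "
                  "cs-username c-ip cs(User-Agent) cs(Referer) sc-status "
                  "sc-substatus sc-win32-status time-taken").split()
# IIS 404 substatus meanings relevant to challenge files.
HINTS = {
    "404.0": "file not found at request time (wrong web root, or already removed)",
    "404.3": "MIME type restriction: no mimeMap covers this file",
    "404.17": "'requested content appears to be script': extensionless token "
              "is not being served as static content",
}

def acme_failures(lines):
    """Return one dict per non-200 request under the ACME challenge path."""
    fields, out = DEFAULT_FIELDS, []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        parts = line.split()
        if not line or line.startswith("#") or len(parts) != len(fields):
            continue  # comment, blank, or unexpected layout: skip, do not guess
        rec = dict(zip(fields, parts))
        stem = rec.get("cs-uri-stem", "")
        if not stem.lower().startswith(ACME_PREFIX) or rec.get("sc-status") == "200":
            continue
        code = f"{rec.get('sc-status')}.{rec.get('sc-substatus', '0')}"
        out.append({
            "when": f"{rec.get('date')} {rec.get('time')}",
            "client": rec.get("c-ip"),
            "extensionless": "." not in stem.rsplit("/", 1)[-1],
            "status": code,
            "hint": HINTS.get(code, "look up this IIS substatus code"),
        })
    return out

# First entry is the line quoted in the thread; the other two are constructed.
SAMPLE = [
    "2017-08-26 20:51:25 194.145.196.84 GET /.well-known/acme-challenge/anAGnbHS6295_2pnMFWISlZ21LP0qD3FLYB2hYrYo-8 - 80 - 66.133.109.36 Mozilla/5.0+(compatible;+Let's+Encrypt+validation+server;++https://www.letsencrypt.org) - 404 17 50 156",
    "2017-08-26 20:40:02 194.145.196.84 GET /.well-known/acme-challenge/test.txt - 80 - 203.0.113.7 Mozilla/5.0 - 200 0 0 31",
    "2017-08-26 20:55:10 194.145.196.84 GET /.well-known/acme-challenge/constructed-token - 80 - 203.0.113.7 Mozilla/5.0 - 404 0 2 15",
]

if __name__ == "__main__":
    for failure in acme_failures(SAMPLE):
        print(failure)
```

A `test.txt` that loads fine while the token returns 404.17 is the pattern this separates: the folder is reachable, but extensionless files are not being served as static content.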

@sahsanu, I don’t think that’s the problem. Strangely,

http://www.sellerate.co.uk/.well-known/acme-challenge/anAGnbHS6295_2pnMFWISlZ21LP0qD3FLYB2hYrYo-8

actually loads perfectly for me! That seems to be the same URL that got a 404 when the CA tried to test it. That’s really confusing.

Hi @schoen,

It is working now because I suppose @Deeg has been able to serve files without extension; until I posted my message it was not working on files without extension ;).

Cheers,
sahsanu

this has worked… thank you

i have now got a question from the console app asking about the renewal process task schedule:

“Do you want to specify the user the task should run as y/n ?”

may i be so bold to ask if you have any thoughts on that…?

many thanks…!

Hi @Deeg,

Glad you got it working.

Regarding your question… I don’t use letsencrypt-win-simple nor IIS so I don’t know if the task that the client will create with your current user is ok for you, your system or IIS but I suppose that it is ok to create the task with your current user.

Anyway, take a look at the letsencrypt-win-simple doc here https://github.com/Lone-Coder/letsencrypt-win-simple/wiki/Basic-Usage

And specifically for creating the task here https://github.com/Lone-Coder/letsencrypt-win-simple/wiki/Windows-Task-Scheduler-Settings

Good luck,
sahsanu

thank you so much for all that…

https://www.sellerate.co.uk seems to be working now…

very best regards…
