Letsencrypt error DNS problem: NXDOMAIN looking up A for etc

i’ve bought a domain name at google domains: “yousshark.com” Then i opened a free account at cloudflare.com to manage my domain name.

I have a cloud VM (droplet) at Digitalocean. An Ubuntu 18.04 base image. I’ve git cloned a basic node app which serves a simple sentence (just for testing purpose).

Inside cloudflare, i added a record to point to the subdomain “nodejs-ssl-deploy.code” to the server address:

So after that i entered the following command inside the VM:

sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

cd /opt/letsencrypt

./letsencrypt-auto certonly --standalone

So the last command offers a prompt to enter the domain for which i want generate a ssl certificate, so i entered “nodejs-ssl-deploy.code.yousshark.com” . But all i can get is this error :

Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel): nodejs-ssl-deploy.code.yousshark.com
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for nodejs-ssl-deploy.code.yousshark.com
Waiting for verification...
Challenge failed for domain nodejs-ssl-deploy.code.yousshark.com
http-01 challenge for nodejs-ssl-deploy.code.yousshark.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: nodejs-ssl-deploy.code.yousshark.com
   Type:   connection
   Detail: dns :: DNS problem: NXDOMAIN looking up A for
   nodejs-ssl-deploy.code.yousshark.com

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. 
Host name                                 IPv4 address|

nodejs-ssl-deploy.code.yousshark.com      159.89.120.161

But i all get is this error. What could be done wrong ?

Hi @youss

your setup can't work.

Your dns entries ( https://check-your-website.server-daten.de/?q=nodejs-ssl-deploy.code.yousshark.com ):

Host T IP-Address is auth. ∑ Queries ∑ Timeout
nodejs-ssl-deploy.code.yousshark.com Name Error yes 1 0
www.nodejs-ssl-deploy.code.yousshark.com Name Error yes 1 0

Your name servers:

Domain	Nameserver	NS-IP
www.nodejs-ssl-deploy.code.yousshark.com
	•  ns-cloud-d1.googledomains.com
		
nodejs-ssl-deploy.code.yousshark.com
	•  ns-cloud-d1.googledomains.com

You have to create that A record in your account of ns-cloud-d1.googledomains.com.

These are your authoritative name servers, not Cloudflare.

Thank you @JuergenAuer that was the issue…solved now

1 Like

Happy to read that it had worked.

Now your dns settings are ~~ok.

Host T IP-Address is auth. ∑ Queries ∑ Timeout
nodejs-ssl-deploy.code.yousshark.com A 159.89.120.161 yes 1 0
AAAA yes
www.nodejs-ssl-deploy.code.yousshark.com A 159.89.120.161 yes 1 0
AAAA yes

If you create a dns entry with the www version, you should create a certificate with both domain names:

Your current certificate:

CN=nodejs-ssl-deploy.code.yousshark.com
	05.05.2019
	03.08.2019
expires in 89 days	nodejs-ssl-deploy.code.yousshark.com - 1 entry

has only one domain name, so your www version isn’t secure.

In 60 - 85 days your renew may not work.

Domainname Http-Status redirect Sec. G
http://nodejs-ssl-deploy.code.yousshark.com/
159.89.120.161 301 https://nodejs-ssl-deploy.code.yousshark.com/ 0.227 A
http://www.nodejs-ssl-deploy.code.yousshark.com/
159.89.120.161 301 https://www.nodejs-ssl-deploy.code.yousshark.com/ 0.220 A
https://nodejs-ssl-deploy.code.yousshark.com/
159.89.120.161 200 1.393 A
https://www.nodejs-ssl-deploy.code.yousshark.com/
159.89.120.161 200 1.167 N
Certificate error: RemoteCertificateNameMismatch
http://nodejs-ssl-deploy.code.yousshark.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
159.89.120.161 301 https://nodejs-ssl-deploy.code.yousshark.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 0.223 A
Visible Content: 301 Moved Permanently nginx/1.14.0 (Ubuntu)
http://www.nodejs-ssl-deploy.code.yousshark.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
159.89.120.161 301 https://www.nodejs-ssl-deploy.code.yousshark.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 0.220 A
Visible Content: 301 Moved Permanently nginx/1.14.0 (Ubuntu)
https://nodejs-ssl-deploy.code.yousshark.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 200 0.964
Visible Content: I’m a Node app! And I’m sooooo secure.
https://www.nodejs-ssl-deploy.code.yousshark.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 200 0.964 N
Certificate error: RemoteCertificateNameMismatch
Visible Content: I’m a Node app! And I’m sooooo secure.

http + /.well-known/acme-challenge/random-filename is redirected to https, that’s ok.

But now answers the app with a http status 200, not the expected 404 - Not Found.

So in 60 - 85 days Letsencrypt may be not able to read the validation file.

But you have two months to fix that, so it’s not critical.

Hi @JuergenAuer thank you for your detailled answer. I think i fixed it now for both domain. I’ve generated a second certificate for www and it seems to be ok now

3 Likes

Yep, now you have two different certificates - one with www, the other without.

So you need two different vHosts.

And a Grade C, that’s good.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.