Letsencrypt error DNS problem: NXDOMAIN looking up A for etc

I've bought a domain name at Google Domains: "yousshark.com". Then I opened a free account at cloudflare.com to manage my domain name.

I have a cloud VM (droplet) at DigitalOcean. An Ubuntu 18.04 base image. I've git cloned a basic Node app which serves a simple sentence (just for testing purposes).

Inside Cloudflare, I added a record to point the subdomain "nodejs-ssl-deploy.code" to the server address:

So after that I entered the following commands inside the VM:

sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

cd /opt/letsencrypt

./letsencrypt-auto certonly --standalone

The last command prompts for the domain for which I want to generate an SSL certificate, so I entered "nodejs-ssl-deploy.code.yousshark.com". But all I can get is this error:

Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel): nodejs-ssl-deploy.code.yousshark.com
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for nodejs-ssl-deploy.code.yousshark.com
Waiting for verification...
Challenge failed for domain nodejs-ssl-deploy.code.yousshark.com
http-01 challenge for nodejs-ssl-deploy.code.yousshark.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: nodejs-ssl-deploy.code.yousshark.com
   Type:   connection
   Detail: dns :: DNS problem: NXDOMAIN looking up A for
   nodejs-ssl-deploy.code.yousshark.com

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. 
Host name                                 IPv4 address
nodejs-ssl-deploy.code.yousshark.com      159.89.120.161

But all I get is this error. What could be done wrong?

Hi @youss

Your setup can't work.

Your DNS entries ( https://check-your-website.server-daten.de/?q=nodejs-ssl-deploy.code.yousshark.com ):

Host T IP-Address is auth. ∑ Queries ∑ Timeout
nodejs-ssl-deploy.code.yousshark.com Name Error yes 1 0
www.nodejs-ssl-deploy.code.yousshark.com Name Error yes 1 0

Your name servers:

Domain	Nameserver	NS-IP
www.nodejs-ssl-deploy.code.yousshark.com	ns-cloud-d1.googledomains.com
nodejs-ssl-deploy.code.yousshark.com	ns-cloud-d1.googledomains.com

You have to create that A record in your account of ns-cloud-d1.googledomains.com.

These are your authoritative name servers, not Cloudflare.
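A pre-flight check for the mistake diagnosed in the answer above, as an added example that is not part of the original thread: it asks each delegated name server of the zone directly whether the A record exists before a certificate is requested. The function name `acme_dns_preflight` is hypothetical, and the script assumes `dig` is installed.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Let's Encrypt validates against the
# name servers the zone is delegated to, so a record created at any other
# DNS provider is invisible to it (NXDOMAIN).
#
# usage: acme_dns_preflight <zone> <hostname> <expected-ipv4>
# returns 0 if every authoritative server answers with the expected address,
#         1 if a server has no record or a different address,
#         2 if the zone's NS records cannot be found.
acme_dns_preflight() {
    local zone=$1 host=$2 want=$3
    local servers ns answer rc=0

    # Step 1: which name servers is the zone actually delegated to?
    servers=$(dig +short NS "$zone")
    if [ -z "$servers" ]; then
        echo "no NS records found for $zone"
        return 2
    fi

    # Step 2: query each of them directly, bypassing caches and recursion.
    for ns in $servers; do
        ns=${ns%.}    # dig prints names with a trailing dot
        answer=$(dig +short +norecurse "@$ns" "$host" A \
                 | grep -E '^[0-9]+(\.[0-9]+){3}$' | head -n 1)
        if [ -z "$answer" ]; then
            echo "FAIL $ns: no A record for $host (create it at this provider)"
            rc=1
        elif [ "$answer" != "$want" ]; then
            echo "FAIL $ns: $host -> $answer, expected $want"
            rc=1
        else
            echo "OK   $ns: $host -> $answer"
        fi
    done
    return "$rc"
}

# Example call with the values from this thread:
# acme_dns_preflight yousshark.com nodejs-ssl-deploy.code.yousshark.com 159.89.120.161
```

A `FAIL ... no A record` line naming a provider other than the one where the record was created is exactly the situation in this thread.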

Thank you @JuergenAuer that was the issue.......solved now

1 Like

Happy to read that it had worked.

Now your dns settings are ~~ok.

Host T IP-Address is auth. ∑ Queries ∑ Timeout
nodejs-ssl-deploy.code.yousshark.com A 159.89.120.161 yes 1 0
AAAA yes
www.nodejs-ssl-deploy.code.yousshark.com A 159.89.120.161 yes 1 0
AAAA yes

If you create a dns entry with the www version, you should create a certificate with both domain names:

Your current certificate:

CN=nodejs-ssl-deploy.code.yousshark.com
	05.05.2019
	03.08.2019
expires in 89 days	nodejs-ssl-deploy.code.yousshark.com - 1 entry

has only one domain name, so your www version isn’t secure.

In 60 - 85 days your renewal may not work.

Domainname Http-Status redirect Sec. G
http://nodejs-ssl-deploy.code.yousshark.com/
159.89.120.161 301 https://nodejs-ssl-deploy.code.yousshark.com/ 0.227 A
http://www.nodejs-ssl-deploy.code.yousshark.com/
159.89.120.161 301 https://www.nodejs-ssl-deploy.code.yousshark.com/ 0.220 A
https://nodejs-ssl-deploy.code.yousshark.com/
159.89.120.161 200 1.393 A
https://www.nodejs-ssl-deploy.code.yousshark.com/
159.89.120.161 200 1.167 N
Certificate error: RemoteCertificateNameMismatch
http://nodejs-ssl-deploy.code.yousshark.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
159.89.120.161 301 https://nodejs-ssl-deploy.code.yousshark.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 0.223 A
Visible Content: 301 Moved Permanently nginx/1.14.0 (Ubuntu)
http://www.nodejs-ssl-deploy.code.yousshark.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
159.89.120.161 301 https://www.nodejs-ssl-deploy.code.yousshark.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 0.220 A
Visible Content: 301 Moved Permanently nginx/1.14.0 (Ubuntu)
https://nodejs-ssl-deploy.code.yousshark.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 200 0.964
Visible Content: I’m a Node app! And I’m sooooo secure.
https://www.nodejs-ssl-deploy.code.yousshark.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 200 0.964 N
Certificate error: RemoteCertificateNameMismatch
Visible Content: I’m a Node app! And I’m sooooo secure.

http + /.well-known/acme-challenge/random-filename is redirected to https, that’s ok.

But now the app answers with an HTTP status 200, not the expected 404 - Not Found.

So in 60 - 85 days Letsencrypt may not be able to read the validation file.

But you have two months to fix that, so it’s not critical.

Hi @JuergenAuer thank you for your detailed answer. I think I fixed it now for both domains. I’ve generated a second certificate for www and it seems to be ok now

3 Likes

Yep, now you have two different certificates - one with www, the other without.

So you need two different vHosts.

And a Grade C, that’s good.

2 Likes
