New domain with no A or AAAA

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: easytigger.au

I ran this command: root@lmde5:~# certbot --apache --agree-tos --redirect --hsts --uir --staple-ocsp --email craig@wilkydiney.id.au -d easytigger.au,www.easytigger.au

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Requesting a certificate for easytigger.au and www.easytigger.au
Performing the following challenges:
http-01 challenge for easytigger.au
http-01 challenge for www.easytigger.au
Waiting for verification...
Challenge failed for domain easytigger.au
Challenge failed for domain www.easytigger.au
http-01 challenge for easytigger.au
http-01 challenge for www.easytigger.au
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: easytigger.au
    Type: dns
    Detail: no valid A records found for easytigger.au; no valid AAAA
    records found for easytigger.au

    Domain: www.easytigger.au
    Type: dns
    Detail: no valid A records found for www.easytigger.au; no valid
    AAAA records found for www.easytigger.au

My web server is (include version): apache2

The operating system my web server runs on is (include version): Linux Mint Debian Edition LMDE5

My hosting provider, if applicable, is: me hopefully

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): will be WP

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.12.0

Hopefully this helps, if I run dns-01 through debug I get this.

Test result for easytigger.au using dns-01

All OK!

OK

No issues were found with easytigger.au. If you are having problems with creating an SSL certificate, please visit the Let's Encrypt Community forums and post a question there.

What I am trying to do is set up my own server (it seemed like a fun thing to do), and once I get to the certbot thingy I can't get any further. Any suggestions greatly appreciated. Cheers, Wilky

I can't find any NS record or whois info for that domain. Did you really buy that domain?
letsdebug.net (who's the author?) needs to be updated to check whether the domain is actually registered in the dns-01 challenge.

7 Likes

Yes, I really did buy this domain and have the certificate of ownership for it. What I do not understand is (I am a newbie to this) why it comes up with "Test result for easytigger.au using dns-01
All OK!"
but using "root@lmde5:~# certbot --apache --agree-tos --redirect --hsts --uir --staple-ocsp --email craig@wilkydiney.id.au -d easytigger.au,www.easytigger.au" comes up with "Waiting for verification...
Challenge failed for domain easytigger.au
Challenge failed for domain www.easytigger.au
http-01 challenge for easytigger.au
http-01 challenge for www.easytigger.au
Cleaning up challenges
Some challenges have failed."
Can someone give me a hint at what I have to do???

What's your DNS host?

7 Likes

A DNS challenge uses your DNS differently than the HTTP challenge used by the --apache plug-in for certbot. So, one can succeed and the other fails. If you use the HTTP challenge for Let's Debug it shows the same error.

Your DNS does not have an A record (or AAAA record for IPv6) in it. No one can reach that site without it. You need to have them set to the public IP of your server. Example:

curl -I easytigger.au
curl: (6) Could not resolve host: easytigger.au
curl -I www.easytigger.au
curl: (6) Could not resolve host: www.easytigger.au

7 Likes

Hi @Craigwilkin, and welcome to the LE community forum 🙂

The HTTP-01 authentication method requires an HTTP challenge - which requires a working web site.
The DNS-01 authentication method requires a DNS challenge - which requires a working DNS system.

Right now, there is no IP for your names, so you can't provide a working web site.
If the authoritative DNS servers can be managed (even manually), you may be able to get a cert now:

easytigger.au   nameserver = ns1.nameserver.net.au
easytigger.au   nameserver = ns2.nameserver.net.au
easytigger.au   nameserver = ns3.nameserver.net.au

If you expect to provide the Internet any kind of connectivity to your site, you will need to provide it with an IP and a path that can reach your server's name (via that IP).

8 Likes

Because for the DNS challenge, there is no need for an A or AAAA RR. The dns-01 challenge requires a TXT record in DNS, but as LetsDebug can't actually check for that (because it doesn't have access to your DNS zone to add/remove records), it can only check some basic things. But not the entire challenge.

If you'd check the http-01 challenge, you see the DNS errors for that challenge, i.e., no A or AAAA RR.

7 Likes
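
The check the replies above describe, as an added example that is not part of any post in this thread: a pre-flight that confirms each name has an A or AAAA record before certbot attempts http-01. The function names, the `LOOKUP` variable and the `.example` sample answers are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Pre-flight for http-01: the CA must resolve every requested name to an
# A or AAAA record before it can fetch the challenge over HTTP.
# Added illustration; function names and LOOKUP are hypothetical.

# Live resolver: prints one answer per line (needs dig from dnsutils).
lookup_dig() {                      # usage: lookup_dig NAME TYPE
    dig +short "$1" "$2" 2>/dev/null
}

# Constructed sample answers so the check can be exercised offline.
# easytigger.au returns nothing, as in the thread; the rest are made up.
lookup_sample() {
    case "$1/$2" in
        ok.example/A)       echo "192.0.2.10" ;;
        v6.example/AAAA)    echo "2001:db8::1" ;;
        cname.example/A)    printf 'target.example.\n192.0.2.20\n' ;;
        dangling.example/A) echo "nowhere.example." ;;
    esac
}

LOOKUP=${LOOKUP:-lookup_dig}

# dig +short also prints CNAME targets on the way to the answer; keep only
# lines that are IPv4 or IPv6 addresses. A CNAME that leads nowhere is a miss.
only_addresses() {
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$|^[0-9A-Fa-f:]*:[0-9A-Fa-f:.]*$' || true
}

# Prints one status line per name; returns 0 only if every name has an address.
http01_preflight() {
    rc=0
    for name in "$@"; do
        a=$("$LOOKUP" "$name" A | only_addresses)
        aaaa=$("$LOOKUP" "$name" AAAA | only_addresses)
        if [ -z "$a" ] && [ -z "$aaaa" ]; then
            echo "FAIL $name: no A or AAAA record, http-01 cannot succeed"
            rc=1
        else
            echo "OK   $name: $(echo $a $aaaa)"
        fi
    done
    return "$rc"
}

# Usage: http01_preflight easytigger.au www.easytigger.au && certbot --apache ...
```

Passing this check only rules out the DNS error shown in the thread; the server must still be reachable on port 80 at the resolved address.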

Thank you rg305 and all the other replies as well, I am starting to understand my problem, but not how to resolve it. So to get "The HTTP-01 authentication" I need to have a working website.
That is my ultimate game plan.

At present I am setting up my server to self host, I have the basics in place but I need to setup WordPress so I can start building my website and then point the www to my server. I will keep plodding on. 🙂

rg305, I do not fully understand the bit with the "authoritative DNS servers".

I am trying to set myself up as the "authoritative DNS server" (I think). OK, thanks again all, cheers, wilky

1 Like

You should first go to the site you bought the domain from and set some nameserver you control.
Now I see whois information that you bought it from SYNERGY WHOLESALE ACCREDITATIONS PTY LTD. It should have a page to set a record for it.

8 Likes
