NextCloud getting DNS not found error

I am trying to install NextCloud in a docker container on an Alpine Linux VM.

I am getting the below error, but can confirm that there is an A record for winton.dmac.au. Is there a reason this might be happening? Which DNS server is LE checking for a record?

My domain is: winton.dmac.au

I ran this command:

It produced this output:
{"level":"error","ts":1681269506.0030339,"logger":"http.acme_client","msg":"challenge failed","identifier":"winton.dmac.au","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:dns","title":"","detail":"DNS problem: NXDOMAIN looking up A for winton.dmac.au - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for winton.dmac.au - check that a DNS record exists for this domain","instance":"","subproblems":[]}}

My web server is (include version): Apache (via nextcloud docker)

The operating system my web server runs on is (include version): Alpine Linux

My hosting provider, if applicable, is: Self hosted

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): unknown

Hi @dmac_au, and welcome to the LE community forum

Step #1 is DNS; without DNS there is very little Internet.

2 Likes

I'm also seeing no DNS record for that name in public DNS. @dmac_au, is it possible that you have an entry for this name in a hosts file or a private DNS server, but not in public DNS as seen by the rest of the Internet?

4 Likes

Only authoritative DNS servers.

3 Likes

It seems the authoritative DNS servers are using a global load balancer that might be somewhat out-of-sync:

dmac.au nameserver = ns1.onlydomains.com
dmac.au nameserver = ns2.onlydomains.com
dmac.au nameserver = ns3.onlydomains.com
ns1.onlydomains.com     internet address = 75.2.6.34
ns2.onlydomains.com     internet address = 75.2.85.37
ns3.onlydomains.com     internet address = 99.83.188.20
Name:    aef93cd39153ffbac.awsglobalaccelerator.com
Address: 75.2.6.34

Name:    a9bf3e392db71e4d0.awsglobalaccelerator.com
Address: 75.2.85.37

Name:    aef93cd39153ffbac.awsglobalaccelerator.com
Address: 99.83.188.20

I get an authoritative reply [from Miami]:

nslookup winton.dmac.au ns1.onlydomains.com
Address: 75.2.6.34

Name:    winton.dmac.au
Address: 203.51.30.92

2 Likes
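
The per-nameserver check described in this post, as an added example that is not part of the original thread: it sends a non-recursive A query straight to each authoritative server and compares the response code, AA flag and answer count, so a server that answers NXDOMAIN while another returns the record stands out. The helper names are hypothetical, the server addresses are the ones in the nslookup output above, and the result only reflects the vantage point the script runs from; it does not validate DNSSEC.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=1, txid=0x1234):
    """Build a non-recursive (RD=0) DNS query; qtype 1 = A, 28 = AAAA."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def parse_header(resp):
    """Return (rcode name, authoritative flag, answer count) from a reply."""
    if len(resp) < 12:
        raise ValueError("truncated DNS header")
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", resp[:12])
    rcode = flags & 0x000F
    return RCODES.get(rcode, str(rcode)), bool(flags & 0x0400), ancount

def ask(server_ip, name, qtype=1, timeout=3.0):
    """Send the query to one authoritative server over UDP."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype), (server_ip, 53))
        return parse_header(s.recv(4096))

def disagreeing(results):
    """results: {server: (rcode, aa, ancount)}; True if servers differ."""
    return len({(r[0], r[2] > 0) for r in results.values()}) > 1

if __name__ == "__main__":
    # Nameserver addresses as listed in the thread's nslookup output.
    servers = ["75.2.6.34", "75.2.85.37", "99.83.188.20"]
    results = {}
    for ip in servers:
        try:
            results[ip] = ask(ip, "winton.dmac.au")
        except (OSError, ValueError) as exc:  # timeout, unreachable, bad reply
            results[ip] = ("ERROR:" + type(exc).__name__, False, 0)
        print(ip, results[ip])
    print("inconsistent answers" if disagreeing(results) else "all agree")
```
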

It is definitely a public DNS address.

I get the correct result for winton.dmac.au from both Google's and my ISP's DNS servers.

I am also having trouble logging into my domain provider at the moment due to email issues, so maybe they are related.

This is the correct IP address. Is there any reason then that LE wouldn't be getting this result?

I'm not sure exactly, but DNSSEC could be wrong. A tool we often use doesn't see your A record either:
https://dnsviz.net/d/winton.dmac.au/dnssec/

And https://unboundtest.com uses a lookup method similar to Let's Encrypt, and it is a DNSSEC-compliant method and doesn't see it either.

Let's Debug is a worthwhile testing tool, just to more easily duplicate the problem in the LE Staging system.

3 Likes

I thought I already answered that question...

3 Likes

Sorry, I misunderstood what that meant. I checked all 3 servers and the subdomain is the same IP from all.

I'll see what I can do if I ever get into my domain control panel.

Thanks for these tools. The first thing in Let's Debug makes sense as I am blocking port 80, but I still don't know why the DNS record is failing.

Anywho, I'll talk to my domain registrar and see if they can help.

Thanks

1 Like
