No valid A records found using Namecheap domain

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
www.kinetix.digital

I ran this command:
sudo certbot --nginx -d kinetix.digital -d www.kinetix.digital

It produced this output:
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: kinetix.digital
Type: dns
Detail: no valid A records found for kinetix.digital; no valid AAAA records found for kinetix.digital

Domain: www.kinetix.digital
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for www.kinetix.digital - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.kinetix.digital - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

The operating system my web server runs on is (include version): ubuntu

My hosting provider, if applicable, is: Namecheap

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0

I have added an A record pointing to my IP. I have also run nslookup and it comes up OK, but I'm still getting the certbot error saying no valid A records found.

Yes you added an A record but it is a private IP. For the HTTP challenge it must be a public IP. And if you want anyone on the public Internet to reach it it will also need to be a public IP :slight_smile:

6 Likes
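Added example, not part of the thread or of Certbot: a pre-flight check that labels the A/AAAA values published for a name and reports whether a public validator could reach any of them, which is the condition behind the "no valid A records found" error above. It uses Python's `ipaddress` module as an approximation of the CA's filtering; the function names and the address 192.168.1.10 are assumptions made for illustration.

```python
import ipaddress


def classify(addr):
    """Label one address the way a validator on the Internet would see it."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"
    if not ip.is_global:
        return "not-global"  # e.g. carrier-grade NAT space
    return "public"


def preflight(name, records):
    """records: A/AAAA values a *public* resolver returned for name.

    Returns (ok, message); ok is True when at least one record is an
    address that can be reached from the Internet.
    """
    if not records:
        return False, f"{name}: no A/AAAA records, create one first"
    labelled = [(r, classify(r)) for r in records]
    usable = [r for r, kind in labelled if kind == "public"]
    if not usable:
        detail = ", ".join(f"{r} is {kind}" for r, kind in labelled)
        return False, f"{name}: no public address ({detail})"
    return True, f"{name}: validation can reach {', '.join(usable)}"


if __name__ == "__main__":
    # Constructed sample answers; 192.168.1.10 is a made-up LAN address,
    # 162.0.235.101 is the address quoted later in this thread.
    samples = {
        "kinetix.digital": ["192.168.1.10"],
        "www.kinetix.digital": [],
        "kinetix.digital (after the change)": ["162.0.235.101"],
    }
    for name, recs in samples.items():
        print(preflight(name, recs)[1])
```

Feed it the answers from a public resolver rather than the LAN's own DNS, since the CA only sees what is published publicly.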

And the www subdomain indeed does not exist.

6 Likes

Thanks for your response. Could you tell me then, what I would need to do in order to add the certificate from certbot?

1 Like

Mike already specified:

6 Likes

So to confirm, I need to map the domain from Namecheap to the public IP on my machine? I'm using a VM with Ubuntu.

I'm not sure what you mean with "map"?

Your goal is to get your domain kinetix.digital to resolve to your public IP in the public DNS.

Or use the dns-01 challenge using e.g. the third-party alexzorin/certbot-dns-multi plugin for Certbot (GitHub: "Certbot DNS plugin supporting multiple providers, using github.com/go-acme/lego"), or change to acme.sh, which also has a NameCheap DNS plugin.

4 Likes

Who are the intended users of this newly secured site?
Where are they expected to connect from?

5 Likes

Hi there, it's just a domain that I'm using for testing. I'm using Jenkins with Nginx and want to add a cert to make it safe.

That doesn't quite answer the questions.
Are you also going to test it from the Internet?

If it only exists within your internal network, it is already "safe".

5 Likes

OK, sorry, new to this. I need to add a cert with certbot as I am using Nginx with Jenkins on a VM with Ubuntu. At the moment Nginx and Jenkins are installed. I have completed all the nginx config with a server block and linked it to the sites-enabled directory. So now in Jenkins all works, but it's not secure, so I need to add the cert so I can use https. Hope that is clear.

Not really. If you are happy running it only on your own network like you are now then why do you need a cert?

If you want it to be reached from the public internet, you need to change your DNS A and AAAA records to use your public IP addresses.

Several of us have said this already.

If you still want a cert when running only on your own network you have to use the DNS Challenge as Osiris described earlier.

This has nothing to do with what kind of service you are running but from where you want to access it from.

5 Likes

So now I'm pointing to a public IP and I'm getting unauthorised:
Domain: kinetix.digital
Type: unauthorized
Detail: 162.0.235.101: Invalid response from https://kinetix.digital/.well-known/acme-challenge/-g8rMtInMe03Uvnuun2Ep3ChVmBhReMKRbqAi5WUgUo: 404

You need a working HTTP service before trying to secure it.
Also, HTTP must be accessible from the Internet [not just some parts of it], as ACME validation requests may come from anywhere on the Internet.

4 Likes

But it looks like your site is already secure.
And using a one year Sectigo cert:
SSL Server Test: www.kinetix.digital (Powered by Qualys SSL Labs)

3 Likes

That's probably because it currently has a NameCheap IP address set up. So I'm not sure what OP did previously with the LAN IP address, but apparently they are hosting their website with NameCheap now and not locally.

Not sure if that was intended.

3 Likes

I guess not intended. The response headers say LiteSpeed but they were trying to use --nginx plug-in in first post. That won't work.

More though is the home page returns a page titled "Namecheap Parking Page".

It further says that if you are owner of the domain to contact their support team. Which they should probably do :slight_smile:

Or, they need to fix the IP address to point to their actual server. @leegodden try this to find your IP address(es)

curl -4 https://ifconfig.io
curl -6 https://ifconfig.io

The result of -4 becomes your A record. -6 your AAAA record

5 Likes

But I don't understand why I'm getting unauthorised now from certbot.

You need to understand how Certbot, and ACME in general works.

Please read How It Works - Let's Encrypt first, get a good grasp on how ACME works, then understand what you've done with your NameCheap domain (we don't) and then ask again for help with directed questions (and explain what you've done with NameCheap).

Oh and in general, what you're trying to achieve to begin with.

5 Likes

You have a Sectigo cert in place. It is valid until May 14 2024. :innocent:

5 Likes