No valid A records found

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:www.mergelab.co
Subdomain www.live.mergelab.co

I ran this command:
sudo certbot --nginx -d live.mergelab.co -d www.live.mergelab.co

It produced this output:
ubuntu@owncast:~$ sudo certbot --nginx -d live.mergelab.co -d www.live.mergelab.co
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for live.mergelab.co
http-01 challenge for www.live.mergelab.co
Waiting for verification...
Challenge failed for domain live.mergelab.co
Challenge failed for domain www.live.mergelab.co
http-01 challenge for live.mergelab.co
http-01 challenge for www.live.mergelab.co
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: live.mergelab.co
    Type: dns
    Detail: no valid A records found for live.mergelab.co; no valid
    AAAA records found for live.mergelab.co

  • The following errors were reported by the server:

    Domain: www.live.mergelab.co
    Type: connection
    Detail: 152.67.111.215: Fetching
    http://www.live.mergelab.co/.well-known/acme-challenge/E1R5j1hNkR70gWB3MNxqY1f0X1iFTjpN8eLv45bID9k:
    Error getting validation data

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you're using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.
    ubuntu@owncast:~$

My web server is (include version):

The operating system my web server runs on is (include version):
Ubuntu 20.04
My hosting provider, if applicable, is: GoDaddy

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Welcome @amarmashruwala

Your domain name live.mergelab.co does not have an A or AAAA record in your DNS with the IP address to your server. You need to add one.

Your www domain has an A record pointing to 152.67.111.215. But, is that your server? Because it relates to Oracle Cloud but you say your hosting service is GoDaddy.

Your first step is to make sure your DNS records point to the public IP for the server you run certbot on.

You can check you public IP by running this on your server:

curl -4 ifconfig.co
curl -6 ifconfig.co

These return your IPv4 and IPv6 addresses. IPv6 may not be available and that is ok. In that case do not create an AAAA record in your DNS

4 Likes

Hello, @MikeMcQ thanks for your response.

I am running the server on Oracle cloud.
my Public ip is 152.67.111.215

I also have a A record in my DNS settings. DNS settings are on Godaddy as i have purchased the domain from them
A www.live 152.67.111.215 600 seconds
CNAME www mergelab.co.

i am still getting the same error when i run the command:

$ sudo certbot --nginx -d live.mergelab.co -d www.live.mergelab.co


Anything i am doing wrong?

thanks in advance
Name:    www.live.mergelab.co
Address: 152.67.111.215

Name:    live.mergelab.co

I only get an IP for the "www".

You also need a CNAME for "live".

1 Like

It looks to me like they don't have an A record for the apex mergelab.co

And, the CNAME for www is pointing to the apex so has no IP

I think they would be better off making www and www.live both be A records if they don't plan to use the apex name

1 Like

ok here is my DNS settings:
could you please tell me what am i missing and what should i delete.

i tried adding a CNAME record, got an error

That's backwards.
CNAME "live" > "mergelab.co"

1 Like

Do you think that is the only issue?

Still the same error even though i have an A reocrd

Challenge failed for domain live.mergelab.co
Challenge failed for domain www.live.mergelab.co
http-01 challenge for live.mergelab.co
http-01 challenge for www.live.mergelab.co
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: live.mergelab.co
    Type: dns
    Detail: no valid A records found for live.mergelab.co; no valid
    AAAA records found for live.mergelab.co

  • The following errors were reported by the server:

    Domain: www.live.mergelab.co
    Type: connection
    Detail: 152.67.111.215: Fetching
    http://www.live.mergelab.co/.well-known/acme-challenge/1PorEFra4w9M0WjHtjzPIh E824loBdCi19wtdgldZb8:
    Error getting validation data

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you're using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

No, your DNS is still wrong. You need to setup an A record for your @ name like you did for your NS records.

Or, change your two CNAMEs to both be A records as I previously noted.

You have an unusual use of names in that you are not using your apex name (yet). Doing one of the above two should allow use of both of your subdomains (live and www.live)

2 Likes

ok here are my settings now. sorry i dont understand when you say "You need to setup an A record for your @ name like you did for your NS records.

Or, change your two CNAMEs to both be A records as I previously noted."

No.
But we'll go one problem at a time.

It seems the only line with an IP now is "www.live".
You lost the entry for "mergelab.co" = "your IP"

2 Likes

i dont have a server pointing to mergelab.co

i only want to use the subdomain live.mergelab.co right now.

Next i plan to build a site for mergelab.co

Then these names will fail to resolve to any IP:
image
Thus you won't be able to obtain a cert for them using HTTP authentication.
Nor will anyone on the Internet know where to reach them.

1 Like

ok just added an IP for mergelab.co

how is this looking now?

That will "work".
But it is putting an IP to the name mergelab.co and www.mergelab.co
Which you said:

1 Like
Name:    mergelab.co
Address: 152.67.111.215
Aliases: www.mergelab.co <<<<<

Name:    mergelab.co <<<<<
Address: 152.67.111.215

Name:    www.live.mergelab.co <<<<<
Address: 152.67.111.215

Name:    mergelab.co
Address: 152.67.111.215
Aliases: live.mergelab.co <<<<<
1 Like

yes so are you saying i need to have a website first at mergelab.co
before i use the subdomain live.mergelab.co

I plan to use another cloud server to build a website which will use mergelab.co

Can i later change the A record for mergelab.co to another IP once i have that server?