Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
ramsoft.xyz
I ran this command: sudo certbot --staging --nginx
It produced this output:
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ramsoft.xyz
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. ramsoft.xyz (http-01): urn:acme:error:unknownHost :: The server could not resolve a domain name :: No valid IP addresses found for ramsoft.xyz
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: ramsoft.xyz
Type: unknownHost
Detail: No valid IP addresses found for ramsoft.xyz
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version):
nginx/1.10.3 (Ubuntu)
The operating system my web server runs on is (include version):
Ubuntu 16.04.4 LTS
My hosting provider, if applicable, is:
N/A
I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No
Your other A record, 162.255.119.116, points to Namecheap’s URL forwarding service.
Now, if you want to issue a certificate using Certbot for your domain name, you need to remove both of these records at Namecheap, and add an A record that points to the IP address of the actual web server running nginx.
The domain needs to point at your web server, otherwise Certbot is not able to prove that you control the domain, which is required in order for you to issue a certificate.
To add, not only does the domain need to point to your web server, your web server also needs to be accessible from the outside internet. So if you are running this nginx server behind a residential connection with a modem/router, this might involve forwarding ports 80 and 443 on the router to the computer running nginx. Keep in mind that some residential internet providers block port 80, making this impossible.
If you can’t organize this, there is an alternative. You can use DNS validation rather than the default validation method that --nginx uses (which is HTTP/webroot).
In this variant, you would need to manually set up TXT records in Namecheap.
You can ask Certbot to guide you through that by running:
sudo certbot -a manual -i nginx --preferred-challenges dns -d ramsoft.xyz
It may appear as a 'URL forwarding' option or something like that. You should ask Namecheap support if you can't figure out how to rid yourself of it.
If you're on the same internet connection as your server, probably, yes.
Your domain has its nameservers configured to those of Namecheap right now. If you want to use your own nameserver, then you would need to change the nameserver delegation on Namecheap to your Bind server. However, running a single authoritative nameserver off a residential internet connection is pretty sketchy and I wouldn't advise it.
Ah, a dig. Thank you. I cleared out my NameCheap A records (why you shouldn’t see the redirect anymore). Doing another dig, I believe I have to change my local DNS record to reflect the public IP.
That looks like it would work. You may just have to wait longer for the nameservers to update.
(The “ramsoft.xyz” and “www.ramsoft.xyz” records are probably not necessary, though. They probably expand to “ramsoft.xyz.ramsoft.xyz.” and “www.ramsoft.xyz.ramsoft.xyz.” respectively.)
Oh, so making the Host (@ or www) the domain is not accurate and results in that comical repeated string you’ve shown. Wondered about that too. I appreciate the clarification. I put them there as a “I’m just going to put records of everything here and see what sticks”, which is not my usual way, but this is definitely giving me a challenge.
I will remove those two A records ramsoft.xyz and www.ramsoft.xyz.
Edit: I have heard one mention of NameCheap being slower. I think I can increase the TTL to 1 minute.
Ran this to test it: sudo certbot --staging --nginx -d ramsoft.xyz -d www.ramsoft.xyz (because I ran into the problem, running that without --staging, of limits. I didn’t read ahead on that one.)
But, that was successful. It did give me a cert, chain, and key, because running without --staging told me I already had one.
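An added example, not part of the original thread: a pre-flight check over DNS panel entries that expands each Host field and flags names whose A records are missing or point somewhere other than the web server. It assumes the panel treats Host values as relative to the zone, as the reply above suggests; the record list is constructed and 203.0.113.10 is a placeholder for the server's public IP.

```python
# Added example. Records are constructed; 203.0.113.10 is a placeholder
# (documentation range) standing in for the nginx server's public IP.
FORWARDER_IP = "162.255.119.116"   # URL-forwarding address named in the thread
SERVER_IP = "203.0.113.10"         # assumption: your server's public IP

def expand_host(host, origin):
    """Expand a DNS panel 'Host' field the way a zone file would."""
    origin = origin.rstrip(".").lower() + "."
    host = host.lower()
    if host == "@":
        return origin                  # @ means the zone apex
    if host.endswith("."):
        return host                    # trailing dot: already fully qualified
    return host + "." + origin         # anything else is relative to the zone

def preflight(records, origin, names, server_ip):
    """Map each requested name to 'ok' or the reason validation would miss the server."""
    addrs = {}
    for host, rtype, value in records:
        if rtype in ("A", "AAAA"):
            addrs.setdefault(expand_host(host, origin), []).append(value)
    report = {}
    for name in names:
        found = addrs.get(name.rstrip(".").lower() + ".", [])
        stray = sorted(v for v in found if v != server_ip)
        if not found:
            report[name] = "no A/AAAA record"      # the unknownHost case
        elif stray:
            report[name] = "points at other host(s): " + ", ".join(stray)
        else:
            report[name] = "ok"
    return report

# Constructed panel contents: (Host, Type, Value)
RECORDS = [
    ("@", "A", SERVER_IP),
    ("@", "A", FORWARDER_IP),              # leftover forwarding record
    ("www.ramsoft.xyz", "A", SERVER_IP),   # relative name, so the zone is appended again
]

if __name__ == "__main__":
    for host, _, _ in RECORDS:
        print(f"{host!r:20} -> {expand_host(host, 'ramsoft.xyz')}")
    wanted = ["ramsoft.xyz", "www.ramsoft.xyz"]
    for name, status in preflight(RECORDS, "ramsoft.xyz", wanted, SERVER_IP).items():
        print(f"{name}: {status}")
```

With the constructed records, the apex is flagged because of the leftover forwarding address, and www.ramsoft.xyz is reported as having no record because its entry expanded to www.ramsoft.xyz.ramsoft.xyz.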