No valid IP addresses found for shandrio.tk


#1

Hi! I’m experiencing the following problem trying to request a new certificate using certbot. Running on Ubuntu 16.04 LTS:

# certbot-auto --apache -d shandrio.tk -d www.shandrio.tk
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for shandrio.tk
tls-sni-01 challenge for www.shandrio.tk
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. shandrio.tk (tls-sni-01): urn:acme:error:unknownHost :: The server could not resolve a domain name :: No valid IP addresses found for shandrio.tk

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: shandrio.tk
    Type: unknownHost
    Detail: No valid IP addresses found for shandrio.tk

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address.

This is my 000-default.conf file contents in case it helps:

<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request’s Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com

ServerAdmin s****@gmail.com
ServerName shandrio.tk
ServerAlias www.shandrio.tk
DocumentRoot /var/www/html

# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf

</VirtualHost>

Any help would be greatly appreciated.


#2

Well, the error says it all: there’s no IP address configured for shandrio.tk:

osiris@desktop ~ $ dig +norecurse @ns01.freenom.com shandrio.tk

; <<>> DiG 9.10.3-P4 <<>> +norecurse @ns01.freenom.com shandrio.tk
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19114
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 2800
;; QUESTION SECTION:
;shandrio.tk. IN A

;; AUTHORITY SECTION:
shandrio.tk. 300 IN SOA ns01.freenom.com. soa.freenom.com. 1488564572 10800 3600 604800 3600

;; Query time: 26 msec
;; SERVER: 54.171.131.39#53(54.171.131.39)
;; WHEN: Fri Mar 03 22:18:30 CET 2017
;; MSG SIZE rcvd: 96

osiris@desktop ~ $

Compare this with www.shandrio.tk:

osiris@desktop ~ $ dig +norecurse @ns01.freenom.com www.shandrio.tk

; <<>> DiG 9.10.3-P4 <<>> +norecurse @ns01.freenom.com www.shandrio.tk
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35734
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 2800
;; QUESTION SECTION:
;www.shandrio.tk. IN A

;; ANSWER SECTION:
www.shandrio.tk. 14440 IN A 190.190.67.87

;; Query time: 25 msec
;; SERVER: 54.171.131.39#53(54.171.131.39)
;; WHEN: Fri Mar 03 22:19:59 CET 2017
;; MSG SIZE rcvd: 60

osiris@desktop ~ $

Notice the first doesn’t contain an answer.

So the type of action you need to follow is to go to your DNS provider and add an IP address for shandrio.tk, if possible.


#3

Thanks! I don’t know exactly how to do that. I tried to add “*” name to the A DNS record but got an error. Adding nothing (empty name box) succeeded, but no response yet. Maybe I need to wait for it to propagate…


#4

That was the right one, yes. A wildcard only works for subdomains, e.g., pointing *.example.com to an IP address will work for random-something.example.com, but not for example.com itself.

Anyhow, seems to work now:

osiris@desktop ~ $ dig +norecurse @ns01.freenom.com shandrio.tk

; <<>> DiG 9.10.3-P4 <<>> +norecurse @ns01.freenom.com shandrio.tk
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65418
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 2800
;; QUESTION SECTION:
;shandrio.tk.			IN	A

;; ANSWER SECTION:
shandrio.tk.		14440	IN	A	190.190.67.87

;; Query time: 31 msec
;; SERVER: 54.171.131.39#53(54.171.131.39)
;; WHEN: Fri Mar 03 22:50:01 CET 2017
;; MSG SIZE  rcvd: 56

osiris@desktop ~ $ 

Let’s Encrypt always asks the authoritative nameserver, so it should not have to propagate.
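
Added example, not part of the original thread: a pre-flight check that reads `dig +norecurse` output from the authoritative nameserver and reports whether each name passed to `-d` has an A record. The function names are hypothetical, the two samples are trimmed from the dig output quoted above, and only A records are checked, as in the thread.

```shell
# Reads dig output on stdin and prints each address in the ANSWER SECTION.
# Exit status is 0 only for an authoritative (aa) NOERROR reply with >= 1 A record.
a_records() {
  awk '
    /status: NOERROR/            { noerror = 1 }
    /^;; flags:[^;]* aa[ ;]/     { aa = 1 }
    /^;; ANSWER SECTION:/        { in_answer = 1; next }
    /^;;/ || /^$/                { in_answer = 0 }
    in_answer && $3 == "IN" && $4 == "A" { print $5; n++ }
    END { exit !(noerror && aa && n > 0) }
  '
}

# verdict NAME: turns dig output on stdin into a one-line result for NAME.
verdict() {
  if addrs=$(a_records); then echo "ok $1 $addrs"; else echo "missing $1"; fi
}

# Live use (needs network): preflight ns01.freenom.com shandrio.tk www.shandrio.tk
preflight() {
  ns=$1; shift
  for name in "$@"; do
    dig +norecurse "@$ns" "$name" A | verdict "$name"
  done
}

# Sample: apex before the record was added (NOERROR, but ANSWER: 0).
sample_before() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19114
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;shandrio.tk. IN A
;; AUTHORITY SECTION:
shandrio.tk. 300 IN SOA ns01.freenom.com. soa.freenom.com. 1488564572 10800 3600 604800 3600
EOF
}

# Sample: apex after the record with the empty name was added.
sample_after() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65418
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
shandrio.tk.		14440	IN	A	190.190.67.87
;; Query time: 31 msec
EOF
}

sample_before | verdict shandrio.tk
sample_after  | verdict shandrio.tk
```

A NOERROR status alone is not enough: the first sample is NOERROR with an empty answer, which is the case the CA reported as unknownHost.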


#5

Thanks again! I ran the script once more and now everything is working perfectly. I have my site up with SSL!

