Hi,
First of all thank you so much for the great work you are doing and congrats for reaching the billion certificate recently.
Secondly apologies if my issue is redundant with others. I have read them but I am quite a newbie with DNS things and couldn’t understand everything nor solve my problem on my own.
My domain is: wygiz.app
I ran this command:
sudo certbot certonly \
--standalone \
--non-interactive \
--agree-tos \
--email admin@wygiz.app \
--cert-name wygiz.app \
--domains www.wygiz.app
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for wygiz.app
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. wygiz.app (http-01): urn:ietf:params:acme:error:dns :: No valid IP addresses found for wygiz.app
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: wygiz.app
Type: None
Detail: No valid IP addresses found for wygiz.app
My web server is (include version):
I use traefik but the question is not applicable here since I am using the certonly --standalone subcommand here.
Side note: I know that traefik can automate the generation of certificates for me but I do not want to use this feature. I want to do this myself and automate this with a crontab.
The operating system my web server runs on is (include version): Ubuntu 18.04.3 LTS
My hosting provider, if applicable, is: www.ovh.com
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): yes, both the ovh panel for the server and the google domain one for the domain name.
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0
Other details and questions:
The port 80 is free on my server so there should not be any problem to get the http-challenge working.
My domain name is managed through google domains.
The server which I am trying to generate certificates from is vps407881.ovh.net. Its IP is 151.80.149.141.
I have first registered my domain through the google domains web admin interface as a CNAME record:
wygiz.app CNAME vps407881.ovh.net
But I got the error I am soliciting you for.
I then tried to use an A record but the result ended up being the same.
wygiz.app A 151.80.149.141
I tried this because I do not understand exactly everything about DNS and figured out these two record types were the most common. But there are so many that maybe I am using the wrong one.
As of now the record is still set as an A one. Tell me if I should change this.
I also tried to understand things by using the dig command line tool.
One thing that I do not understand is that if I try dig for anything.wygiz.app I get a response which seems valid to me but if I try dig for just wygiz.app it seems that I can’t get the IP of the server.
Maybe the problem comes from here. I lack knowledge here, maybe we can’t dig for the raw domain name, only for subdomains?
Results of dig below:
dig @8.8.8.8 test.wygiz.app
; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> @8.8.8.8 test.wygiz.app
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24164
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;test.wygiz.app. IN A
;; ANSWER SECTION:
test.wygiz.app. 3599 IN A 151.80.149.141
;; Query time: 23 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Mar 21 15:32:25 CET 2020
;; MSG SIZE rcvd: 59
dig @8.8.8.8 wygiz.app
; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> @8.8.8.8 wygiz.app
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10893
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;wygiz.app. IN A
;; AUTHORITY SECTION:
wygiz.app. 299 IN SOA ns-cloud-c1.googledomains.com. cloud-dns-hostmaster.google.com. 10 21600 3600 259200 300
;; Query time: 19 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Mar 21 15:32:57 CET 2020
;; MSG SIZE rcvd: 131
As you can see for test.wygiz.app I get a nice A record with the IP but for wygiz.app I only get an empty A record and a SOA record which I don’t know what it is.
Can you please help me solve this?
Do not hesitate to point me to any documentation on the DNS/certificates subjects as I am a solid documentation reader. I would be glad for the insights.
Thank you very much for your response and once again for the great work you are doing to make the web secure.
Best regards.
Damien Montigny
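
Added example, not part of the original post: a small pre-flight check that tells the two dig results quoted above apart, treating NOERROR with an empty answer section as NODATA (the name exists but has no record of the queried type). The helper name classify_dig and the sample_* functions are assumptions made for illustration; the samples are trimmed from the dig output in the post.

```shell
#!/bin/sh
# Added example: classify dig output before requesting a certificate.
# classify_dig (hypothetical helper) reads dig output on stdin and prints
# ADDRESS <ip>..., NODATA, NXDOMAIN or ERROR <status>.
classify_dig() {
    awk '
        /->>HEADER<<-/ {
            # Pull the value that follows "status:" out of the header line.
            for (i = 1; i <= NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^;;/ || /^$/         { in_answer = 0 }
        # Collect only address records; CNAME lines in a chain are skipped.
        in_answer && ($4 == "A" || $4 == "AAAA") { ips = ips " " $5 }
        END {
            if (status == "NXDOMAIN")     print "NXDOMAIN"
            else if (status != "NOERROR") print "ERROR " status
            else if (ips != "")           print "ADDRESS" ips
            else                          print "NODATA"  # name exists, no address record
        }
    '
}

# Samples trimmed from the two dig outputs quoted in the post.
sample_subdomain() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24164
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
test.wygiz.app. 3599 IN A 151.80.149.141
;; Query time: 23 msec
EOF
}
sample_apex() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10893
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; AUTHORITY SECTION:
wygiz.app. 299 IN SOA ns-cloud-c1.googledomains.com. cloud-dns-hostmaster.google.com. 10 21600 3600 259200 300
;; Query time: 19 msec
EOF
}

for s in sample_subdomain sample_apex; do
    printf '%s -> %s\n' "$s" "$("$s" | classify_dig)"
done
```

Against a live resolver the same function can be fed directly, for example dig @8.8.8.8 wygiz.app A | classify_dig, once for each name passed to --domains.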