NXDOMAIN Looking up A for Error

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:


I ran this command:

sudo certbot --nginx

It produced this output:

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: www.mahabamufti.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for www.mahabamufti.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.mahabamufti.com - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

My web server is (include version):
NGINX 1.18

The operating system my web server runs on is (include version):
UBUNTU 22.04

My hosting provider, if applicable, is:
Digital Ocean

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

The log file is

logfile.txt (26.3 KB)

Initially IPV6 wasn't enabled on Digital Ocean, so i enabled it, added AAAA record, i can even see it via a DNS lookup but still fails the http challenge

Hi @mog28, and welcome to the LE community forum :slight_smile:

The DNS failure is for the "www" name:

nslookup www.mahabamufti.com ns1.digitalocean.com
Server:  ns1.digitalocean.com
*** ns1.digitalocean.com can't find www.mahabamufti.com: Non-existent domain

I only see IPs for the base domain:

Name:      mahabamufti.com
Addresses: 2400:6180:0:d0::bbf:c001

When you say these types of things you should also show them - for all to see what you saw.


my bad, that is what i mean by "IPV6 not enabled"

this is my first time encountering this type of issue with letsencrypt

the problem was mine

been using linode & vultr and both providers auto add both www & the base domain, they also auto enable IPV6

in this case, i assumed the www would be added by default.

i have added it,, and it has worked

thank you so much

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.