Renew - DNS problem: NXDOMAIN looking up A


#1

I’m getting a “DNS problem: NXDOMAIN looking up A” error when trying to update a certificate. It’s using ubuntu / nginx.

ubuntu@ip-172-30-0-32:~$ sudo letsencrypt renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/manage.stage.nowbackto.me.conf

Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for manage.stage.nowbackto.me
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (manage.stage.nowbackto.me) from /etc/letsencrypt/renewal/manage.stage.nowbackto.me.conf produced an unexpected error: Failed authorization procedure. manage.stage.nowbackto.me (tls-sni-01): urn:acme:error:dns :: DNS problem: NXDOMAIN looking up A for manage.stage.nowbackto.me. Skipping.

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/manage.stage.nowbackto.me/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

Are there particular configuration files I should be editing and with what? I’ve seen similar posts on here using dig but I’m not sure what to use there.


#2

Hi @kraftydevil,

When using this method, the hostname has to actually exist in DNS. But this hostname doesn’t exist in DNS. (If you can still access the site from your own machine, you may have hardcoded it in your hosts file?)


#3

Thanks @schoen -

  1. How did you determine the hostname doesn’t exist and how to remedy this?
  2. I can’t access the site from any machine
  3. Do you think I’ve exhausted this method and what are other methods for renewal?

#4

Hi @kraftydevil,

There are lots of tools that do a DNS lookup. I ran host on a command line to do the DNS lookup.

Right. This seems like a more fundamental problem than a certificate renewal. Your site is completely inaccessible due to being missing from DNS.

Couldn’t you try to fix the DNS problem and then return to the certificate renewal task later?


#5

As an update, I ran whois nowbackto.me and I found out that your domain has expired at the registrar, Namecheap, which would also explain why all of the associated DNS records are now missing! You would have to pay Namecheap a renewal fee and possibly a late-payment fee in order to recover use of this domain.


#6

Thanks @schoen - I was finally able to get the renewal for the domain.

I do get the same error text when trying
$ sudo letsencrypt renew (DNS problem: NXDOMAIN looking up A for manage.stage.nowbackto.me)

What’s next? Is there some configuration I should be editing or should I be using more manual commands to renew?


#7

There’s still no DNS record for manage.stage.nowbackto.me. You should fix your DNS settings before you can issue a certificate.


#8

Any recommendation on how to troubleshoot DNS? Is this something I need to fix on the server or with the provider?


#9

Hi @kraftydevil

this is a problem of your dns-entries.

Where do you manage the dns-entries manage.stage.nowbackto.me -> IP-number?

stage.nowbackto.me also doesn’t exist. So who manages the dns-entries of nowbackto.me? Your provider or you?


#10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.