Some challenges have failed

Renewing an existing certificate for documentation.dgmall.id and www.documentation.dgmall.id

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: www.documentation.dgmall.id
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for www.documentation.dgmall.id - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.documentation.dgmall.id - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Hi @zaqqin, and welcome to the LE community forum :slight_smile:

There is no IP for "www.documentation.dgmall.id".
There is one for "documentation.dgmall.id".
If you need the cert to include "www", you will need to get that site working before requesting the cert.

4 Likes

How can I solve this problem, please help.

Add a DNS record in that zone for the name www.documentation.dgmall.id.
Make sure the site can be reached: http://www.documentation.dgmall.id.
Then retry getting a certificate for both names:
www.documentation.dgmall.id
documentation.dgmall.id

6 Likes

I have done but the result is still the same

It doesn't look that way from here. Queries for www.documentation.dgmall.id return a 'not found' response.

6 Likes

And for those that like looking at documentation.dgmall.id | DNSViz
There is this ERROR
documentation.dgmall.id/A: No response was received from the server over UDP (tried 12 times). (103.253.212.32, UDP_-NOEDNS)

Here is the list of Authoritative Name Servers for dgmall.id

$ nslookup -q=ns dgmall.id ns1.mysrsx.com.
Server:         ns1.mysrsx.com.
Address:        162.243.136.170#53

dgmall.id       nameserver = ns2.mysrsx.net.
dgmall.id       nameserver = ns1.mysrsx.com.
dgmall.id       nameserver = ns3.mysrsx.biz.
dgmall.id       nameserver = ns4.mysrsx.org.

However I do not find any Authoritative Name Servers for for www.documentation.dgmall.id or documentation.dgmall.id

$ nslookup -q=ns www.documentation.dgmall.id ns1.mysrsx.com.
Server:         ns1.mysrsx.com.
Address:        103.253.212.32#53

** server can't find www.documentation.dgmall.id: NXDOMAIN

$ nslookup -q=ns www.documentation.dgmall.id ns2.mysrsx.net.
Server:         ns2.mysrsx.net.
Address:        103.253.213.3#53

** server can't find www.documentation.dgmall.id: NXDOMAIN

$ nslookup -q=ns www.documentation.dgmall.id ns3.mysrsx.biz.
Server:         ns3.mysrsx.biz.
Address:        107.170.170.91#53

** server can't find www.documentation.dgmall.id: NXDOMAIN

$ nslookup -q=ns www.documentation.dgmall.id ns4.mysrsx.org.
Server:         ns4.mysrsx.org.
Address:        128.199.254.184#53

** server can't find www.documentation.dgmall.id: NXDOMAIN

$ nslookup -q=ns documentation.dgmall.id ns1.mysrsx.com.
Server:         ns1.mysrsx.com.
Address:        103.253.212.32#53

*** Can't find documentation.dgmall.id: No answer

$ nslookup -q=ns documentation.dgmall.id ns2.mysrsx.net.
Server:         ns2.mysrsx.net.
Address:        188.226.161.195#53

*** Can't find documentation.dgmall.id: No answer

$ nslookup -q=ns documentation.dgmall.id ns3.mysrsx.biz.
Server:         ns3.mysrsx.biz.
Address:        103.247.8.19#53

*** Can't find documentation.dgmall.id: No answer

$ nslookup -q=ns documentation.dgmall.id ns4.mysrsx.org.
Server:         ns4.mysrsx.org.
Address:        128.199.254.184#53

*** Can't find documentation.dgmall.id: No answer

1 Like

Done what?

  1. Add a DNS record in that zone for the name www.documentation.dgmall.id.
    NOT done

  2. Make sure the site can be reached: http://www.documentation.dgmall.id.
    NOT reacheable

5 Likes

Or alternatively, if you don't need the www. name, don't include it as a domain on the certificate you're requesting. You only need it if you have users that are going to type that in (which some users may do out of habit, but for some sites it's not an issue).

5 Likes

thanks for the help this is very helpful

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.