Swag Unraid certificate renewal error

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: tomdohrmann.com

I ran this command: I restarted SWAG on Unraid to provoke a cert renewal

It produced this output: Renewing an existing certificate for homeassistant.tomdohrmann.com and 4 more domains

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: www.tomdohrmann.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for www.tomdohrmann.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.tomdohrmann.com - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Failed to renew certificate www.tomdohrmann.com with error: Some challenges have failed.
All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/www.tomdohrmann.com/fullchain.pem (failure)

My web server is (include version): Swag

The operating system my web server runs on is (include version): Unraid 6.12.3

My hosting provider, if applicable, is: Self-hosted

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 2.9.0

I've rebooted my server and router, have confirmed ports 180 and 1443 are forwarded in my router.

The error says you do not have an A record in your DNS for your www subdomain. You should probably set up your www CNAME like you have for your homeassistant subdomain (I am guessing). No one can reach your www subdomain from the public internet without this (not just Let's Encrypt).

homeassistant.tomdohrmann.com. 300 IN	CNAME	dohrmann.duckdns.org.
dohrmann.duckdns.org.	60	IN	A	116.255.33.176
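Added example, not part of the thread or of Certbot: a small triage helper that reads the `Domain` / `Type` / `Detail` groups Certbot prints on a failed renewal and names the layer to inspect first, so a `dns` failure like the one above is not chased as a port-forwarding problem. The sample text, the `example.org` names and the verdict labels are constructed for this example.

```python
import re

# Constructed sample in the shape of the Certbot report quoted in this thread
# (example.org names and the challenge path are placeholders).
SAMPLE = """\
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
  Domain: www.example.org
  Type:   dns
  Detail: DNS problem: NXDOMAIN looking up A for www.example.org - check that a DNS record exists for this domain
  Domain: ha.example.org
  Type:   connection
  Detail: 203.0.113.7: Fetching http://ha.example.org/.well-known/acme-challenge/abc: Timeout during connect (likely firewall problem)
"""

FIELD = re.compile(r"^\s*(Domain|Type|Detail):\s*(.*)$")

def parse_failures(text):
    """Return one dict per 'Domain/Type/Detail' group in Certbot's report."""
    failures, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "domain":
            current = {"domain": value, "type": "", "detail": ""}
            failures.append(current)
        elif current is not None:
            current[key] = value
    return failures

def triage(failure):
    """Map a failure to the layer to inspect first (labels are this example's own)."""
    if failure["type"] == "dns":
        if "NXDOMAIN" in failure["detail"]:
            return "dns-record-missing"   # name has no A/AAAA/CNAME at all
        return "dns-lookup-error"         # record may exist; resolver failed
    if failure["type"] == "connection":
        return "port-80-unreachable"      # forwarding / firewall / wrong IP
    if failure["type"] == "unauthorized":
        return "wrong-response-served"    # something else answered the challenge
    return "other"

def report(text):
    return {f["domain"]: triage(f) for f in parse_failures(text)}

if __name__ == "__main__":
    for domain, verdict in report(SAMPLE).items():
        print(f"{domain}: {verdict}")
```

Only a `port-80-unreachable` verdict points at router forwarding; `dns-record-missing` has to be fixed at the DNS provider before any HTTP challenge can reach the server.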

Thanks @MikeMcQ for the quick response. That's true, I haven't got a CNAME record for www, but it's been working for years without one. Why would it now be a problem?


Hmm. The below DNS History archive says otherwise. Did you always use an HTTP Challenge? Because a DNS Challenge could get a cert without needing that. Still, with no A record no one but you would know what IP address to connect to for that name.


Haha wow ok I stand corrected!! I must have mistakenly deleted it when removing other unneeded subdomains. Thanks for your help!

