The https not working after create letsencrypt

I’m trying to add letsencrypt cert to nginx server.
NOTE: I’m using Docker containers for both Nginx server and my website
I get this error
The server could not connect to the client to verify the domain :: dns :: DNS problem: NXDOMAIN looking up A for

while the container logs don’t show any error.
I create the key and cert using this command
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privkey.pem -out fullchain.pem

What’s I’m missing?
here is my docker file for nginx:

FROM ubuntu:latest

 apt-get update && \
 apt-get install -y nginx && \
 rm -rf /var/lib/apt/lists/* && \
 echo "\ndaemon off;" >> /etc/nginx/nginx.conf && \
 chown -R www-data:www-data /var/lib/nginx

VOLUME ["/etc/nginx/sites-enabled", "/etc/nginx/certs", "/etc/nginx/conf.d", "/var/log/nginx"]

COPY default.conf /etc/nginx/sites-available/default

RUN mkdir  /etc/letsencrypt/
RUN mkdir  /etc/letsencrypt/live/
RUN mkdir  /etc/letsencrypt/live/

COPY fullchain.pem /etc/letsencrypt/live/
COPY privkey.pem /etc/letsencrypt/live/

WORKDIR /etc/nginx

CMD ["nginx"]


and my nginx default.conf

server {
   listen *:80;
   access_log off;
   rewrite ^/(.*) https://$server_name/$1;

server {

   listen *:443 ssl default_server;

   ssl_certificate  /etc/letsencrypt/live/;
   ssl_certificate_key    /etc/letsencrypt/live/;
   ssl on;

location / {
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $remote_addr;
     proxy_set_header Host $host;
     proxy_set_header X-Forwarded-Proto $scheme;
     proxy_redirect off;

What Let's Encrypt client are you using and how are you attempting to issue the certificate?

Is the domain you're trying to issue a certificate for properly setup with a valid A or AAAA record? This error seems to indicate that the CA has failed to resolve your domain.

1 Like

Hi @yuna

please answer the following questions. That's the standard template of #help

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.