The server could not resolve a domain name :: No valid IP addresses found for hk.51zcd.com

Server
1

My domain name is hk.51zcd.com, I’m going to use letsencrypt to generate ssl certificate, i can ping to my server, but when I use letencrypt to generate my ssl certificate , give the error:

failed authorization procedure. hk.51zcd.com (tls-sni-01): urn:acme:error:unknownHost :: The server could not resolve a domain name :: No valid IP addresses found for hk.51zcd.com

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: hk.51zcd.com
    Type: unknownHost
    Detail: No valid IP addresses found for hk.51zcd.com

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address.
    Can u help me?

2

It looks like the DNS servers you have set for your domain are refusing queries. If the information cannot be looked up, Let’s Encrypt cannot authenticate the request and issue the certificate. You should contact the DNS provider.

3

For me, most of the DNS servers work, but not all of them. They have… nine IPs, i think? b.dnspod.com's three IPs don’t respond.

I thought the Let’s Encrypt error message would mention SERVFAIL if that was the issue, but maybe not.

Edit: That was the situation earlier, more or less, but right now, 8 of the IPs are failing completely, and 1 is failing like 90% of the time. So, um.

4

Hello @Ailenswpu,

As @motoko and @mnordhoff said, this is an issue with your DNS provider.

I’ve also tried to resolve your domain again all the dnspod.com name servers and this is the result:

a.dnspod.com ---> 119.28.48.235   ---> OK
a.dnspod.com ---> 119.28.48.232   ---> KO
a.dnspod.com ---> 115.236.151.161 ---> OK
b.dnspod.com ---> 119.28.48.231   ---> KO
b.dnspod.com ---> 183.60.52.90    ---> KO
b.dnspod.com ---> 119.28.48.234   ---> KO
c.dnspod.com ---> 115.236.151.160 ---> KO
c.dnspod.com ---> 119.28.48.230   ---> OK
c.dnspod.com ---> 119.28.48.233   ---> KO

So 6 nameservers give time out for me (querying from Spain). Seems dnspod.com is not a reliable dns provider, at least is not reliable outside China.

If you search this forum you will see a couple of posts talking about dnspod.com and their problems.

I don’t know if you can change your dns provider but if you can, go ahead with some other free dns provider like cloudflare for example.

Also, none of the servers that answered my queries answered with the same question I asked. I mean, Let’s Encrypt would ask your dns servers randomizing capital letters like hK.51zCD.cOm and expects an answer like this:

dig @name_server  hK.51zCD.cOm

; <<>> DiG 9.9.7 <<>> @name_server hK.51zCD.cOm
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18361
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hK.51zCD.cOm.                  IN      A    <---- this question section is OK
[Content removed]

But it get this (the dns server converted the capital letters)

dig @119.28.48.235  hK.51zCD.cOm

; <<>> DiG 9.9.7 <<>> @119.28.48.235 hK.51zCD.cOm
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18361
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hk.51zcd.com.                  IN      A    <---- this question section is NOT OK
[Content removed]

So you could have more issues to get your Let’s Encrypt certificate.

Cheers,
sahsanu

5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.