Trouble with Let's Encrypt Certificate on Ubuntu AWS EC2 Instance

I'm currently facing an issue while trying to link a Let's Encrypt certificate to my Ubuntu machine on AWS EC2. The process involves creating a DNS record, and I'm using PuTTY and Certbot for the setup. Despite successfully creating the DNS record, I consistently encounter an error stating that the domain does not exist.

Here's a brief overview of the steps I've taken:

  1. DNS Record Creation:
  • I've created the necessary DNS record for my domain on AWS Route 53.
  2. Certificate Generation:
  • I'm using Certbot on my Ubuntu machine to generate the Let's Encrypt certificate. The command I'm using is similar to the following:

sudo certbot certonly --standalone -d mydomain.com

Please note that "mydomain.com" is a placeholder for my actual domain.
  3. Error Encountered:

  • Despite successfully creating the DNS record, Certbot returns an error stating that the domain does not exist. I've ensured that the DNS record has propagated, and I can resolve the domain from my machine.

Has anyone encountered a similar issue or can offer insights into what might be causing this problem? Any assistance or advice on troubleshooting steps would be greatly appreciated.

Thank you!

1 Like

It's going to be very hard for people here to help you without knowing the actual domain name and the exact error message you're getting. If you don't want to post the name here, but are okay with entering it into random web tools, you could try resolving the name using DNSViz and Unboundtest to confirm that they are seeing the domain name the same way that you are.

4 Likes

NXDOMAIN doesn't leave anything to interpretation. I would look for typos either in DNS or shell commands.

Another option is you put the record in a private nameserver not connected to global DNS.

3 Likes

Here is the error with the domain name:

Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
Domain: vivikman.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.vikman.com - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to verify the manually created DNS TXT records. Ensure that you created these in the correct location, or try waiting longer for DNS propagation on the next attempt.

Hi @vikman,

There don't seem to be any Name Servers for the domain name.

$ nslookup -q=ns vivikman.com
Server:         127.0.0.53
Address:        127.0.0.53#53

** server can't find vivikman.com: NXDOMAIN

Edit: IANA's view https://www.iana.org/whois?q=vivikman.com

2 Likes

vivikman.com and vikman.com are two different names.

Are you using standalone, or manual? (And why would you be using manual?)

Is there a reason you're trying to use DNS-01? Most people find HTTP-01 easier (though sometimes updating DNS is easier).

We still don't really have enough information to help you. What exactly are you trying to accomplish, and on what name(s)?

6 Likes

ICANN Lookup does show this for vikman.com

2 Likes

Let's Debug using the DNS-01 challenge yields these results https://letsdebug.net/vikman.com/1773750

2 Likes

Yep, the true name is vivikman.com. I mistyped it in the comment section but not in my config, but thanks though.

I am doing this as homework in college, where I have to build a full LAMP with WordPress (or any software like WordPress) on AWS EC2. Then I have to get a DNS record in order to create and link a Let's Encrypt certificate. I'm not an expert on it, so I did not know which one to use between DNS-01 and HTTP-01.

My problem is that I wonder how to correctly configure my record on Route 53 in case it's not configured correctly (what to put in the value field, which type to choose: A, AAAA, TXT...).

In other words, I still wonder why my DNS record doesn't appear.

Thanks again!

1 Like

Do you own that name? ICANN doesn't think that it's currently registered.

Your challenge isn't actually relating to getting a certificate, you first need to get your web site working. Once you have your site working, then you should be able to run certbot (use --apache if you're using Apache, that should be much easier than trying to deal with standalone or manual) to enable TLS.

6 Likes

That domain name is unowned

3 Likes
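
The checks made in the replies above (is the name delegated in public DNS, was the record created in a zone the public delegation points to, does the `_acme-challenge` TXT record exist), as an added example that is not part of the original thread. It uses `dig`; the function names, result strings and sample DNS data are assumptions made for illustration.

```python
import subprocess

def dig_lookup(name, rtype):
    """Ask the system resolver via dig (assumed installed); return (status, rdata list)."""
    out = subprocess.run(["dig", "+noall", "+comments", "+answer", name, rtype],
                         capture_output=True, text=True, timeout=20).stdout
    status, answers = "SERVFAIL", []
    for line in out.splitlines():
        if "status:" in line:  # header line, e.g. "status: NXDOMAIN"
            status = line.split("status:")[1].split(",")[0].strip()
        elif line.strip() and not line.startswith(";"):
            fields = line.split(None, 4)  # name, ttl, class, type, rdata
            if len(fields) == 5 and fields[3] == rtype:
                answers.append(fields[4].strip('"').rstrip("."))
    return status, answers

def preflight(domain, expected_txt=None, zone_ns=None, lookup=dig_lookup):
    """Diagnose a DNS-01 setup. zone_ns: name servers of the zone where the record was made."""
    labels = domain.rstrip(".").lower().split(".")
    public_ns = None
    # Walk up from the name to the closest delegated zone, stopping before the TLD.
    # Limitation: a multi-label public suffix such as co.uk looks like a delegation.
    for i in range(len(labels) - 1):
        status, ns = lookup(".".join(labels[i:]), "NS")
        if status == "NOERROR" and ns:
            public_ns = {n.lower() for n in ns}
            break
    if public_ns is None:
        return "no-public-delegation"  # name not registered, or no NS set at the registry
    if zone_ns and public_ns.isdisjoint(n.rstrip(".").lower() for n in zone_ns):
        return "record-in-unconnected-zone"  # record lives on servers the world never asks
    status, txt = lookup("_acme-challenge." + ".".join(labels), "TXT")
    if status != "NOERROR" or not txt:
        return "txt-missing"
    if expected_txt and expected_txt not in txt:
        return "txt-mismatch"
    return "ok"

# Constructed sample data (reserved example names, invented values) for offline use.
FAKE_DNS = {
    ("example.com", "NS"): ("NOERROR", ["ns1.dns-host.example", "ns2.dns-host.example"]),
    ("_acme-challenge.example.com", "TXT"): ("NOERROR", ["constructed-token"]),
}

def fake_lookup(name, rtype):
    return FAKE_DNS.get((name, rtype), ("NXDOMAIN", []))
```

Calling `preflight("yourdomain.example")` with the default `lookup` queries real DNS; a result of `no-public-delegation` corresponds to the NXDOMAIN on the NS lookup shown earlier in the thread.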
