Trying to generate certificate with error

Help
1

I am using LetsEncrypt on many domains and subdomains . However, I just migrate all my websites to another server, and I have 1 problem only on this subdomain.
I can’t figure out why this error is raised and how to solve it.
I successfully generate various certificates on vairous subdomain of olydri.com, but for this one it’s not working. If you have any ideas :slight_smile:

Thx for you help !

My domain is: mobileappdisplay.olydri.com

I ran this command:./certbot-auto --apache -d mobileappdisplay.olydri.com

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mobileappdisplay.olydri.com
Waiting for verification…
Challenge failed for domain mobileappdisplay.olydri.com
http-01 challenge for mobileappdisplay.olydri.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

My web server is (include version):

apache2 -v
Server version: Apache/2.4.25 (Debian)
Server built: 2019-10-13T15:43:54

The operating system my web server runs on is (include version): Debian 9.12

My hosting provider, if applicable, is: me (OVH)

I can login to a root shell on my machine : yes :slight_smile:

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): I use virtualmin in order to manage the website, but the SSL certificates ae managed by me from certbot.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
./certbot-auto --version
certbot 1.4.0

2

I can't get an IP for that name either:
*** resolver1-fs.opendns.com can't find mobileappdisplay.olydri.com: Non-existent domain

3

Thank you for your answer,

Do you have any idea on why various people can access it, and other solver says that no A line is accessible ?

Here an extract of my DNS zone :

$ttl 38400
@ IN SOA ns3073891.ip-217-182-173.eu. root.ns3073891.ip-217-182-173.eu. (
1587825384
10800
3600
604800
38400 )
olydri.com. IN A 217.182.173.68
www.olydri.com. IN A 217.182.173.68

mobileappdisplay.olydri.com. IN A 217.182.173.68

Here is my CMD log :

C:\Users\basti>ping mobileappdisplay.olydri.com

Envoi d’une requête ‘ping’ sur mobileappdisplay.olydri.com [217.182.173.68] avec 32 octets de données :
Réponse de 217.182.173.68 : octets=32 temps=33 ms TTL=52
Réponse de 217.182.173.68 : octets=32 temps=32 ms TTL=52
Réponse de 217.182.173.68 : octets=32 temps=33 ms TTL=52
Réponse de 217.182.173.68 : octets=32 temps=33 ms TTL=52

Statistiques Ping pour 217.182.173.68:
Paquets : envoyés = 4, reçus = 4, perdus = 0 (perte 0%),
Durée approximative des boucles en millisecondes :
Minimum = 32ms, Maximum = 33ms, Moyenne = 32ms

4

The problem is within DNS.
You have to start at the top and work your way down.
Have a look at: https://dnssec-analyzer.verisignlabs.com/olydri.com
Your domain has two DNS servers and they are not synced with each other.

5

Thank you so much I will have a look why :slight_smile:

1 Like
6

And add more DNS servers (if you can).
DNS is very lightweight - you could run your own.

7

ns3073891.ip-217-182-173.eu serial (1587825385) is mine

sdns2.ovh.net serial (1587825374) is the one provided by OVH

I will try to see why it is not syncing …

8

Hi @CORBASE

see your result - https://check-your-website.server-daten.de/?q=mobileappdisplay.olydri.com

You have two name servers. But the ovh doesn’t know something about your domain.

So

  • sdns2.ovh.net should answer (or)
  • you should remove that name server from the delegation
9

Thank you Juergen, I am looking on that way this afternoon. I will let you know how I fix the problem !

10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.