Trying to get certs for GoDaddy domain through DynDNS ddns

I’m trying to get certs for a newly-purchased actual domain I’ve recently purchased. The domain is GoDaddy but the DNS is provided by DynDNS. There’s a 301 redirect from the GoDaddy domain to the DynDNS host. Certs on the DynDNS host have worked before, so I’m thinking the issue is at the GoDaddy end. Not sure what to do here.

My domain is: jayflix.xyz AND jayflix.homedns.org (301 from jayflix.xyz on GoDaddy to jayflix.homedns.org on dyn.com)

I ran this command: certbot --nginx
— names input: jayflix.xyz,www.jayflix.xyz,jayflix.homedns.org

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter ‘c’ to cancel): jayflix.xyz,www.jayflix.xyz,jayflix.homedns.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for jayflix.xyz
http-01 challenge for www.jayflix.xyz
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. jayflix.xyz (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://jayflix.xyz/.well-known/acme-challenge/FieumtHpHvZAZIgExSchEP0Zrh10JbSb8PCDI9p9MdE: Timeout during connect (likely firewall problem), www.jayflix.xyz (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.jayflix.xyz/.well-known/acme-challenge/3g87WgRxbLHWJdQGbddDhB4JXavY_O0HkDF7Fvd6jAA: Timeout during connect (likely firewall problem)

IMPORTANT NOTES:

My web server is (include version): nginx 1.14.2

The operating system my web server runs on is (include version): Raspbian Buster

My hosting provider, if applicable, is: n/a - self-hosted

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

DNS resolves the shorter name to IP: 184.168.131.241
Which is a GoDaddy IP, but there is nothing responding at that IP.
[not on port 80 and not on port 443]

This does NOT appear to be a currently accurate statement:

The authoritative nameservers for jayflix.xyz are from GoDaddy:

nslookup -q=ns jayflix.xyz. x.nic.xyz.
jayflix.xyz     nameserver = ns25.domaincontrol.com
jayflix.xyz     nameserver = ns26.domaincontrol.com

I just figured out I needed to add a CNAME for www. That works. Certbot now only fails on jayflix.xyz. I’m trying to figure out how to fix that one, but any tips would be appreciated.

If GoDaddy allows CNAME on APEX (root/entire domain), you can just send the whole thing to the longer name.

Otherwise, you may need to catch the short name with an HTML page and redirect within that.

Added a * CNAME for the root, because GoDaddy is weird. Now I have to wait because I’ve hit the failed verifications rate limit. I’ll check back in an hour.

Agreed but I still don't see the IP changed:
Both authoritative nameservers still say 184.168.131.241

nslookup -q=a jayflix.xyz. ns25.domaincontrol.com.
nslookup -q=a jayflix.xyz. ns26.domaincontrol.com.

And to make matters worse...
Now the WWW resolves to "empty"

You may need to talk with them (review their docs)…
But I think in order to CNAME an APEX record, you can't have any other records in that zone (NONE).
Only the single root CNAME entry.

Yeah, I’m seeing that. I’ve solved a very similar problem before in a previous job, but I don’t at all remember how. I’ll need to do some research.

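An added example, not part of any post in this thread: an offline pre-flight that follows CNAME chains over a snapshot of authoritative answers and reports which names an http-01 fetch would not reach, so the fix can be confirmed before spending another attempt against the failed-validation rate limit. The snapshot is constructed; only the 184.168.131.241 answer for jayflix.xyz comes from the thread, while `SERVER_IP` (a documentation-range placeholder), `empty.jayflix.xyz` and the function names are assumptions.

```python
# Added example: http-01 pre-flight over a constructed DNS snapshot (runs offline).
SERVER_IP = "203.0.113.10"  # placeholder for the host running certbot (assumption)

# Owner name -> (type, value) pairs as the authoritative nameservers would answer.
# Constructed data; only the jayflix.xyz A value is taken from the thread.
SNAPSHOT = {
    "jayflix.xyz": [("A", "184.168.131.241")],
    "www.jayflix.xyz": [("CNAME", "jayflix.homedns.org.")],
    "jayflix.homedns.org": [("A", SERVER_IP)],
    "empty.jayflix.xyz": [],  # hypothetical name that resolves to nothing
}

def norm(name):
    """Lower-case and drop the trailing dot so names compare equal."""
    return name.rstrip(".").lower()

def resolve(name, zone, max_hops=8):
    """Follow CNAMEs through `zone`; return (addresses, chain of names visited)."""
    name = norm(name)
    chain = [name]
    for _ in range(max_hops):
        records = zone.get(name, [])
        cnames = [norm(v) for t, v in records if t == "CNAME"]
        if not cnames:
            return [v for t, v in records if t in ("A", "AAAA")], chain
        name = cnames[0]
        if name in chain:  # CNAME loop: stop instead of spinning
            return [], chain + [name]
        chain.append(name)
    return [], chain  # chain longer than max_hops

def preflight(names, zone, server_ips):
    """Map each name to 'ok' or the reason the validation fetch would miss this host."""
    report = {}
    for n in names:
        addrs, chain = resolve(n, zone)
        stray = [a for a in addrs if a not in server_ips]
        if not addrs:
            report[n] = "no address via " + " -> ".join(chain)
        elif stray:
            report[n] = "resolves to %s, not this server" % ", ".join(stray)
        else:
            report[n] = "ok"
    return report

if __name__ == "__main__":
    wanted = ["jayflix.xyz", "www.jayflix.xyz", "jayflix.homedns.org"]
    for name, verdict in preflight(wanted, SNAPSHOT, {SERVER_IP}).items():
        print(name, "=>", verdict)
```

To use it against live data, fill the snapshot from queries sent directly to each authoritative nameserver, as the nslookup commands in the thread do, rather than from a caching resolver.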
