Unable to get certificate for nginx server


#1

Hi,

I am trying to install the letsencrypt certificate to make my website SSL compliant, but I guess I have run into trouble. I have an nginx server and these are the commands that I have run:
service nginx stop

./letsencrypt-auto certonly \
-a standalone \
-d domain1 \
-d domain2 \
-d domain3 \
-d domain4 \
--server https://acme-v01.api.letsencrypt.org/directory 

Now once I run the above commands I am getting the following error:

Updating letsencrypt and virtual environment dependencies......
Requesting root privileges to run with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt certonly -a standalone -d www.rigpl.com -d rigpl.com -d rigb.rigpl.com -d ru.rigpl.com --server https://acme-v01.api.letsencrypt.org/directory
Failed authorization procedure. rigpl.com (tls-sni-01): urn:acme:error:unknownHost :: The server could not resolve a domain name :: No IPv4 addresses found for rigpl.com, rigb.rigpl.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to host for DVSNI challenge, www.rigpl.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to host for DVSNI challenge, ru.rigpl.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to host for DVSNI challenge

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: domain1
   Type:   urn:acme:error:connection
   Detail: Failed to connect to host for DVSNI challenge

   Domain: domain2
   Type:   urn:acme:error:connection
   Detail: Failed to connect to host for DVSNI challenge

   Domain: domain3
   Type:   urn:acme:error:connection
   Detail: Failed to connect to host for DVSNI challenge
 - The following errors were reported by the server:

   Domain: domain4
   Type:   urn:acme:error:unknownHost
   Detail: No IPv4 addresses found for rigpl.com

Now I think domain4 is getting an error since it's a naked domain and it's not redirected properly, but other than that I am unable to find a way to resolve the issue with domain1 to domain3.

Now I would like to tell the following:

  1. I am no trained web admin and hence I might be asking some silly questions.
  2. When I searched for this kind of error, I came to know about this issue on GitHub, and then I tried to check the DNSSEC settings for my domain and found they are not active, and there is no way to activate them as my domain is registered via Google Enom.
  3. I have asked Enom support to activate DNSSEC but they are asking me “Which DS record to be added to the domain”, and since I have no technical knowledge about this, I am kind of confused as to how I could resolve this issue.

I would request someone to please help me resolve this issue and pardon me if this kind of question has already been asked.
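
The one-line "Failed authorization procedure" message in the post above carries a separate error type per domain, so DNS faults (`unknownHost`) and reachability faults (`connection`) can be triaged separately. The following is an added example, not part of the original post or of the letsencrypt client: it parses that line format and groups the domains by cause. The `example.com` names, the function names and the hint wording are assumptions made for this example.

```python
import re

# Constructed sample in the client's one-line failure format (placeholder domains).
SAMPLE = (
    "Failed authorization procedure. "
    "example.com (tls-sni-01): urn:acme:error:unknownHost :: The server could not "
    "resolve a domain name :: No IPv4 addresses found for example.com, "
    "www.example.com (tls-sni-01): urn:acme:error:connection :: The server could not "
    "connect to the client to verify the domain :: Failed to connect to host for DVSNI challenge"
)

# One entry: "<domain> (<challenge>): urn:acme:error:<type> :: <summary> :: <detail>"
# Entries are comma-separated, so the detail ends where the next entry begins.
ENTRY = re.compile(
    r"(?P<domain>[\w.-]+) \((?P<challenge>[\w-]+)\): urn:acme:error:(?P<type>\w+)"
    r" :: (?P<summary>.*?) :: (?P<detail>.*?)(?=, [\w.-]+ \([\w-]+\): urn:acme:error:|$)"
)

# What to check for each error type seen in the post (hint text is this example's wording).
HINTS = {
    "unknownHost": "DNS: publish an A record for this exact name",
    "connection": "network: the A record must point at this server and "
                  "TCP 443 must be reachable from the internet",
}

def triage(line):
    """Return {domain: (error_type, detail, hint)} for one failure line."""
    result = {}
    for m in ENTRY.finditer(line):
        etype = m.group("type")
        result[m.group("domain")] = (etype, m.group("detail"),
                                     HINTS.get(etype, "see detail"))
    return result

def group_by_cause(line):
    """Group failing domains by error type so each cause is fixed once."""
    groups = {}
    for domain, (etype, _detail, _hint) in triage(line).items():
        groups.setdefault(etype, []).append(domain)
    return groups

if __name__ == "__main__":
    for domain, (etype, detail, hint) in triage(SAMPLE).items():
        print(f"{domain}: {etype} ({detail}) -> {hint}")
```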


#2

Hey @adityaduggal
I created a guide for setting up Nginx with Letsencrypt, using the letsencrypt.sh client. It’s working completely from start to finish.

Automating SSL Certificates using Nginx & Letsencrypt - Without the Catch-22

If you’re having issues using the official client, try using a third party client like I do in my blog post – I’m a huge fan of letsencrypt.sh