Unable to get certificate - Type DNS

Hello,

I'm unable to get and configure certificates for a new webapp. Below are details:

Currently hosted domain (GoDaddy): passerel.ca

Domain name to get help: passerel.passerel.ca (DNS recorded for internal server - hosts file)

I ran the command certbot --apache

It produced this output:

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: passerel.passerel.ca
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for passerel.passerel.ca - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for passerel.passerel.ca - check that a DNS record exists for this domain

My web server is Apache/2.4.6 (CentOS)

The operating system my web server runs on is CentOS 7

My hosting provider is: GoDaddy

I can log in to the hosted machine, but with an account with no root privileges. For example, I can't restart Apache...

I'm using Linux Plesk cPanel.

The version of my client is 1.25.0

Thanks for your help. Would be appreciated.

1 Like

It needs to be on your authoritative nameservers, on the public domain name system (DNS).

Otherwise the validation servers will never find it.

2 Likes

Thanks for your answer.
How do I add it to the authoritative nameservers?
Regards,

1 Like

Well, it is most commonly done from the control panel of whoever sold you the domain name.

(I say most commonly because you can change your DNS provider independently of your domain registrar.)

1 Like

If it's intended to be a non-publicly-accessible server, then rather than adding the hostname to DNS you can use the DNS-01 challenge to just add a TXT record to the DNS server rather than needing to make the web server itself accessible. But details for how to do that depend a lot on how well your DNS provider supports API-based updates, and what access you have to your system to run something. I'm surprised you are trying certbot at all if you don't have root access, as I didn't think that usually worked. If your hosting provider is setting up their control panel right it should just work and handle all DNS updates itself, but many hosting companies don't want to or don't know how to make supporting HTTPS easy.

3 Likes

I added the DNS as nameserver, but still have the same error message.

Is there a way to proceed?
Regards,

It's intended to make the server finally publicly accessible, although it's currently hosted at home. I'm still having the error below:

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: passerel.passerel.ca
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for passerel.passerel.ca - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for passerel.passerel.ca - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

No, not as an NS record; that does something else.

Also, make sure the label is right; you probably should omit .passerel.ca from it.

If you have a dynamic DNS provider already you should use a CNAME record.

2 Likes

If this is supposed to be a public site, then you're going about this backwards:

First, get the site working and publicly accessible to the Internet.

Second, work on adding HTTPS.

Doing it the other way around is going to make things much harder on yourself. Let's Encrypt needs to verify that you own the name you're looking for a certificate for, as seen by everyone on the Internet. So you need to establish ownership of the name first, and often the easiest way to do that is to have your site publicly visible.

4 Likes
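
An added example (not from the original thread and not Certbot's own code): a small Python parser for the failure report quoted above that pulls out the per-record DNS errors and maps an all-NXDOMAIN result to the fixes the replies suggest. The function names and the diagnosis wording are this example's own assumptions.

```python
import re

# Failure report as quoted in the thread above.
REPORT = """\
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
  Domain: passerel.passerel.ca
  Type: dns
  Detail: DNS problem: NXDOMAIN looking up A for passerel.passerel.ca - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for passerel.passerel.ca - check that a DNS record exists for this domain
"""

FIELD = re.compile(r"^\s*(Domain|Type|Detail):\s*(.*)$")
DNS_PROBLEM = re.compile(r"DNS problem: (\w+) looking up (\w+) for (\S+)")

def parse_report(text):
    """Return one dict per failed domain: domain, type, detail, dns_problems."""
    failures, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # banner and "Hint:" lines carry no per-domain fields
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "domain":
            current = {"domain": value, "type": None, "detail": "", "dns_problems": []}
            failures.append(current)
        elif current is not None:
            current[key] = value
            if key == "detail":
                # One entry per "DNS problem: <rcode> looking up <rrtype> for <name>"
                current["dns_problems"] = [
                    {"rcode": r, "rrtype": t, "name": n}
                    for r, t, n in DNS_PROBLEM.findall(value)
                ]
    return failures

def diagnose(failure):
    """Map a parsed failure to the advice given in the replies (wording is this example's)."""
    problems = failure["dns_problems"]
    if failure["type"] == "dns" and problems and all(p["rcode"] == "NXDOMAIN" for p in problems):
        types = "/".join(p["rrtype"] for p in problems)
        return (f"{failure['domain']}: no public {types} record; a hosts-file entry "
                "is invisible to the CA. Publish the record on the authoritative "
                "nameservers, or use the DNS-01 challenge with a TXT record.")
    return f"{failure['domain']}: {failure['type']} failure, see detail: {failure['detail']}"

if __name__ == "__main__":
    for f in parse_report(REPORT):
        print(diagnose(f))
```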
