Unable to get the first SSH certificate

After running the command below, it errors out within a few minutes with the message below:
Command:

docker-compose -f docker-compose.deploy.yml run --rm certbot /opt/certify-init.sh

Error Message:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: djangotest.aevolveai.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for djangotest.aevolveai.com - check that a DNS record exists for this domain; DNS problem:
NXDOMAIN looking up AAAA for djangotest.aevolveai.com - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot.
Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

You can only get a certificate for hostnames that actually exist in the DNS, which is not the case for the subdomain djangotest.

Also, what exactly is an "SSH certificate"? Don't you mean "SSL", the old name for TLS?

8 Likes

Perhaps "an SSL certificate to use with SSH" ?

6 Likes

Sure, but what are those? AFAIK SSH doesn't use certs at all.

6 Likes

It does, actually, though they don't seem to be very well-known:

...though that's highly unlikely to be what OP is asking about.

10 Likes

I was actually reading this blog, Django Docker Deployment with HTTPS using Letsencrypt – London App Developer,
and trying to implement it at my end. But I am getting issues at the highlighted step shown in the picture.

Not sure why that guide would purposely fix the version of Certbot to a rather old version :roll_eyes:

Anyway, so no SSH here, just plain old TLS certificates. Please refer to my first post regarding your hostname :slight_smile:

7 Likes

Okay,
below is my route53. Do you think there is something wrong here?

And this is my instance

It seems your domain is hosted by GoDaddy, not Amazon.

7 Likes

Yes.. will it not work?
Is it mandatory that I have to create a domain only from Amazon for it to work?

Route53 = Amazon. If your domain is hosted by GoDaddy, any change you're making in the Route53 interface won't be reflected at the GoDaddy interface, so you're making those changes at Route53 for nothing.

I'm not sure why you're managing your domain at Route53 if it's serviced by GoDaddy?

7 Likes

I am actually not sure how this works. I am new to this networking and have no knowledge about this.
I am planning to deploy my django app using docker in aws. Any chance how to fix this?

Do I need to do a domain transfer?

In theory, it should be possible to have a separate DNS registrar and DNS service provider. In your case, currently GoDaddy seems to be both. I think you have a few options, other volunteers may correct or supplement me:

  • Keep GoDaddy as your domain registrar, but change the DNS service provider to Route53. This is only possible if GoDaddy allows you to set the nameservers in the TLD nameservers to something other than GoDaddy's own nameservers;
  • Transfer your domain to Route53 entirely;
  • Keep everything at GoDaddy and simply edit your domain's DNS zone in the GoDaddy interface.

The first might be possible, but is also the most difficult. The last option is the simplest: no changes required, you just need to log in to the GoDaddy interface for DNS changes instead of Route53. The second option is also always a possibility, but why would you?

8 Likes
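Added example, not part of the thread or written by any of its posters: a shell check for the mismatch diagnosed above, comparing the nameservers a domain is actually delegated to (as `dig +short NS` prints them) with the nameservers of the zone being edited. The function names and the sample nameserver values are constructed for illustration, and the provider patterns are only a naming heuristic.

```shell
#!/bin/sh
# Added example: does the zone you are editing match the delegated nameservers?

# Normalise a list of NS hostnames: lowercase, no trailing dot, sorted, unique.
ns_normalize() {
  tr '[:upper:]' '[:lower:]' |
    sed -e 's/[[:space:]]//g' -e 's/\.$//' -e '/^$/d' | sort -u
}

# Heuristic provider guess from the nameserver hostname.
ns_provider() {
  case "$1" in
    *.domaincontrol.com) echo "GoDaddy" ;;
    ns-*.awsdns-*)       echo "Route53" ;;
    *)                   echo "other" ;;
  esac
}

# delegation_check <delegated NS list> <NS list of the zone being edited>
# Returns 0 if the edited zone is the one resolvers query, 1 on mismatch,
# 2 if no delegation was found at all.
delegation_check() {
  dc_delegated=$(printf '%s\n' "$1" | ns_normalize)
  dc_edited=$(printf '%s\n' "$2" | ns_normalize)
  if [ -z "$dc_delegated" ]; then
    echo "NO-DELEGATION: no NS records returned for the domain"
    return 2
  fi
  # Each line of dc_edited is one fixed-string, whole-line pattern.
  dc_common=$(printf '%s\n' "$dc_delegated" | grep -Fx -e "$dc_edited" || true)
  dc_first=$(printf '%s\n' "$dc_delegated" | head -n 1)
  if [ -n "$dc_common" ]; then
    echo "OK: edited zone is authoritative ($(ns_provider "$dc_first"))"
    return 0
  fi
  echo "MISMATCH: domain is delegated to $(ns_provider "$dc_first"); records in the edited zone are never queried"
  return 1
}

# Constructed sample data (placeholders, not the poster's real records).
DELEGATED_NS='ns01.domaincontrol.com.
ns02.domaincontrol.com.'
ROUTE53_ZONE_NS='ns-1.awsdns-00.com.
ns-512.awsdns-00.net.'

# Live use (needs network), with the zone's NS list copied from Route53:
#   delegation_check "$(dig +short NS example.com)" "$ROUTE53_ZONE_NS"
```

A MISMATCH result means records created in the edited zone will keep producing NXDOMAIN for the certificate authority until either the delegation or the place the records are created changes.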

Thanks for your advice Osiris,

I will give a thought about these three points and will make the decision..

Thanks for your help

1 Like

You can always start with option three (edit your DNS zone at GoDaddy instead of Route53) and if that doesn't work out, you can always keep options 1 and 2 in mind. No need to make drastic decisions immediately.

9 Likes

got it :+1:
