Unable to issue Certificate - DNS Problem: NXDOMAIN looking u A for [domain]

I asm looking after a customers website, the domain is hosted by 123-reg and i beleive is using nameservers and a few DNS entries to office365 (i actually never used office365 before so i have not much clue what its doiung here aparat from managing emails!?) it should then point to my hosting account at the domain is: www.jlcrecruitmentandcare.co.uk.

I ran this command: Plesk cert install

It produced this output:

Could not issue an SSL/TLS certificate for jlcrecruitmentandcare.co.uk

Could not issue a Let’s Encrypt SSL/TLS certificate for jlcrecruitmentandcare.co.uk . Authorization for the domain failed.

Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/3421028322.


Type: urn:ietf:params:acme:error:dns

Status: 400

Detail: Fetching http://www.jlcrecruitmentandcare.co.uk/.well-known/acme-challenge/2WPPrEQEtVMGs4efUOXx9SCmlksXBafLPEM3MTAgMjg: DNS problem: NXDOMAIN looking up A for www.jlcrecruitmentandcare.co.uk - check that a DNS record exists for this domain

My web server is (include version): Plesk Obsidian 18.0.24

The operating system my web server runs on is (include version): os_CentOS 7

I can login to a root shell on my machine (yes or no, or I don’t know): dont know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): yes plesk

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

when i try to install the free cert it gives me the above error.

i am asking whether there is a login somewhere for office 365 admin from my customer but im hoping its something i have either missed or mistaken.

any help appreciated

1 Like

When you switched your nameservers from 123-reg to Office365, you had to bring all of your previous DNS records with you.

e.g. You had to see that you had a www record at 123-reg, something like this:

www.jlcrecruitmentandcare.co.uk. 14400 IN A

and you have to re-create the same records in the Office365 DNS manager. Ditto for every other DNS record you had before (except MX).

What happened is that your website can no longer be resolved, because Office365 isn’t telling anybody where your website can be found.


Additionally, you currently have a mix of nameservers:

jlcrecruitmentandcare.co.uk. 172800 IN  NS      ns1.bdm.microsoftonline.com.
jlcrecruitmentandcare.co.uk. 172800 IN  NS      ns2.bdm.microsoftonline.com.
jlcrecruitmentandcare.co.uk. 172800 IN  NS      ns.123-reg.co.uk.
jlcrecruitmentandcare.co.uk. 172800 IN  NS      ns2.123-reg.co.uk.

You need to get rid of one set. So you are either fully committed to using 123-reg, or fully committed to using Office365’s. Don’t use both.

1 Like

unless one set can behave as slaves

thank you for the help, managed to copy all the DNS over to office365 and now cert is being issued.