Unable to issue Certificate - DNS Problem: NXDOMAIN looking u A for [domain]

NavyPixel · March 18, 2020, 3:13am

I asm looking after a customers website, the domain is hosted by 123-reg and i beleive is using nameservers and a few DNS entries to office365 (i actually never used office365 before so i have not much clue what its doiung here aparat from managing emails!?) it should then point to my hosting account at 149.255.60.185 the domain is: www.jlcrecruitmentandcare.co.uk.

I ran this command: Plesk cert install

It produced this output:

Could not issue an SSL/TLS certificate for jlcrecruitmentandcare.co.uk
Details

Could not issue a Let's Encrypt SSL/TLS certificate for jlcrecruitmentandcare.co.uk . Authorization for the domain failed.
Details

Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/3421028322.

Details:

Type: urn:ietf:params:acme:error:dns

Status: 400

Detail: Fetching http://www.jlcrecruitmentandcare.co.uk/.well-known/acme-challenge/2WPPrEQEtVMGs4efUOXx9SCmlksXBafLPEM3MTAgMjg: DNS problem: NXDOMAIN looking up A for www.jlcrecruitmentandcare.co.uk - check that a DNS record exists for this domain

My web server is (include version): Plesk Obsidian 18.0.24

The operating system my web server runs on is (include version): os_CentOS 7

I can login to a root shell on my machine (yes or no, or I don't know): dont know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): yes plesk

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

when i try to install the free cert it gives me the above error.

i am asking whether there is a login somewhere for office 365 admin from my customer but im hoping its something i have either missed or mistaken.

any help appreciated

_az · March 18, 2020, 3:40am

When you switched your nameservers from 123-reg to Office365, you had to bring all of your previous DNS records with you.

e.g. You had to see that you had a www record at 123-reg, something like this:

www.jlcrecruitmentandcare.co.uk. 14400 IN A     149.255.60.185

and you have to re-create the same records in the Office365 DNS manager. Ditto for every other DNS record you had before (except MX).

What happened is that your website can no longer be resolved, because Office365 isn’t telling anybody where your website can be found.

_az · March 18, 2020, 3:41am

Additionally, you currently have a mix of nameservers:

jlcrecruitmentandcare.co.uk. 172800 IN  NS      ns1.bdm.microsoftonline.com.
jlcrecruitmentandcare.co.uk. 172800 IN  NS      ns2.bdm.microsoftonline.com.
jlcrecruitmentandcare.co.uk. 172800 IN  NS      ns.123-reg.co.uk.
jlcrecruitmentandcare.co.uk. 172800 IN  NS      ns2.123-reg.co.uk.

You need to get rid of one set. So you are either fully committed to using 123-reg, or fully committed to using Office365’s. Don’t use both.

9peppe · March 18, 2020, 8:37am

unless one set can behave as slaves

NavyPixel · March 19, 2020, 3:22pm

thank you for the help, managed to copy all the DNS over to office365 and now cert is being issued.

system · April 18, 2020, 3:22pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.