unknownHost error despite valid DNS records (IMHO)

Hi guys,

it almost seems like the ACME is caching DNS records, it never happened to me before anywhere else, even after DNS change I was able to promptly acquire a cert.

First a had a CNAME of teamwork.roamability.com pointing to teamwork-proxy.roamability.com … that produced the urn:acme:error:unknownHost error as well … then I figured maybe CNAME is not followed to I changed it to direct A record, no luck still the same unknownHost record, I’m pretty certain the DNS is setup correctly but I still get the error.

Any ideas please?


$ host -t ns roamability.com
roamability.com name server ns18.domaincontrol.com.
roamability.com name server ns17.domaincontrol.com.
$ host -t A teamwork.roamability.com ns17.domaincontrol.com
Using domain server:
Name: ns17.domaincontrol.com
Address: 2607:f208:206::9#53

teamwork.roamability.com has address
$ host -t A teamwork.roamability.com ns18.domaincontrol.com
Using domain server:
Name: ns18.domaincontrol.com
Address: 2607:f208:302::9#53

teamwork.roamability.com has address

Please fill out the fields below so we can help you better.

My domain is: teamwork.roamability.com

I ran this command: I’m using caddy webserver but to replicate this issue I’ve just cooked up this:
letsencrypt certonly --logs-dir=/tmp --config-dir=/tmp --work-dir=/tmp --agree-tos --renew-by-default -d teamwork.roamability.com -a webroot --webroot-path=/tmp

It produced this output:

Failed authorization procedure. teamwork.roamability.com (http-01): urn:acme:error:unknownHost :: The server could not resolve a domain name :: No valid IP addresses found for teamwork.roamability.com
     - The following errors were reported by the server:

   Domain: teamwork.roamability.com
   Type:   unknownHost
   Detail: No valid IP addresses found for teamwork.roamability.com

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.

My operating system is (include version): CentOS 7

My web server is (include version): Caddy

My hosting provider, if applicable, is: Amazon AWS (I tried running certbot elsewhere, same result)

I can login to a root shell on my machine (yes or no, or I don’t know): yes

Hi Lukas

I have checked your domain name and it has a valid A record.


Do you have the log file. Should tell us what the message from letsencrypt server is

Hi Lukas

I have tried using https://zerossl.com to get a challenge (which will fail as i will not be able to authenticate)

Lets Encrypt can resolve your domain name so it’s the local client that’s having issues with DNS.

Screenshot below. Once again I havent tried to complete the challenge so you will still be able to register once you have sorted the DNS issues. is a private IP address (in the block). You won’t be able to use the http-01 or tls-sni-01 challenge types with a private IP address, though dns-01 is still an option. You can find the DNS challenge documentation for Caddy here.

1 Like

Thank you!

The mother of all facepalms :confounded: I was so focused on the error message saying it cannot find a valid A record it never occurred to me I copy-pasted a private IP of the Amazon AWS machine instead of the public one from the webinterface, DUH! I’m indeed in idiot :slight_smile:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.