Why does it come out? help how to solve?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com ), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: cs.isatel.tj

I ran this command: sudo certbot --nginx

It produced this output: DNS problem: NXDOMAIN looking up A for cs.isatel.tj - check
that a DNS record exists for this domain

My web server is (include version): nginx 1.10.3

The operating system my web server runs on is (include version): Ubuntu 16.04

My hosting provider, if applicable, is: isatel.tj

I can login to a root shell on my machine (yes or no, or I don’t know): I don’t know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0

1 Like


Your host cs.isatel.tj doesn’t have any IP address / CNAME records, which is why it’s returning NXDOMAIN.
Please enter your desired IP address with A record for that subdomain in order for HTTP based validation to work.

Thank you


It’s possible that this name is used internally on your own network via an internal DNS service or a hosts file, but the name has to be publicly visible for the rest of the Internet in order for Let’s Encrypt to issue a certificate for it by this method.


Sorry, I’m new to this area. Please explain more simply what to do? what to write?

This name cs.isatel.tj isn’t visible on the Internet. You can’t get a certificate this way when the name isn’t visible to the rest of the world.

Who is responsible for running the isatel.tj domain?

1 Like

there is isatel.tj no such service as domain issuance on this site.
I don’t know where to get the original domain with an A or CNAME record. I live in Tajikistan, so by the way.

How did your server machine get to be called cs.isatel.tj? What did you do to make that happen? Who chose the name “cs”?

What’s your relationship to this domain name or organization? Is it a company where you work?

1 Like

I chose the name cs randomly, “invented it myself” is my test server and I build it on VMware. I thought if everything worked out for me, I’ll go to a real full-fledged server. I invented domains myself.


You have to have a “real” domain that is seeible by others on the Internet. “Made up” domains will not work. :wink:

@shohrukh, @JimPas’s explanation is correct—Let’s Encrypt isn’t able to issue certificates for names that you made up yourself. They have to be visible in the public DNS records, as displayed by the authoritative DNS server for the domain.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.