problem statement
I am in the process to create a certificate for my domain with the help of certbot. same procedure I tried for other environments, from the same machine, and for the same domain. but today I am unable to create a certificate.
steps taken (same steps I took for other environments in past for same domain and it works fine)
please note my domain is registered domain nameAzurezure
certbot -d api.stg.<my domain> --manual --preferred-challenges dns certonly
this command provide me text record. this txt record i added in my AZure DNS zone with key _acme-challenge.api.stg
when I click enter I get the following error
Failed authorization procedure. api.stg.<my domain> (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up CAA for api.stg.<my domain>
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: api.stg.<my domain>
Type: None
Detail: DNS problem: SERVFAIL looking up CAA for
api.stg.<my domain>
you need to create CAA dns record for Azure DNS hosted (or any other) domain zones for lets encrypt to work. Here's example powershell (cannot be done in portal as of now):
New-AzDnsRecordSet -Name # -ResourceGroupName %rg% -ZoneName %zone% -Ttl 3600 -RecordType CAA `
-DnsRecords (New-AzDnsRecordConfig -Caaflags 0 -CaaTag "issue" -CaaValue "letsencrypt.org")
Related
I need to install Let's Encrypt Certificate for https to localhost, for development reason,
I mapped localhost to dev.{ MyDomain }.com in file /etc/hosts, but when I run
certbot certonly --manual
and I set dev.{ MyDomain }.com
I get this error:
Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
Domain: dev.{ MyDomain }.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for dev.{ MyDomain }.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for dev.{ MyDomain }.com - check that a DNS record exists for this domain
Hint: The Certificate Authority failed to verify the manually created challenge files. Ensure that you created these in the correct location.
Some challenges have failed.
off course I have the correct string when I make a http request to http://dev.{ MyDomain }.com/.well-known/acme-chellenge/<challeng-file>
I would like to create an SSL certificate using certbot for subdomains pointing to my domain. But upon generating the command below, I am receiving this error: certbot.errors.PluginError: Unable to find a Route53 hosted zone for _acme-challenge.hello.example.com
Here's the command:
sudo certbot certonly -d hello.example.com --dns-route53 -n --agree-tos --non-interactive --server https://acme-v02.api.letsencrypt.org/directory -i apache
Main subdomain: my.subdomain.com
Other subdomains:
hello.example.com -> CNAME to secure.subdomain.com
world.another-example.com -> CNAME to secure.subdomain.com
So visiting these subdomains should show the my.subdomain.com webpage with their corresponding SSL certificate.
This error usually occurs when you have valid AWS credentials, but your domain is not listed in Route53 of that AWS account.
Check ~/.aws/credentials file - does it contain credentials for particular aws account with this hosted-zone
It should be default profile. e.x.
[default]
aws_access_key_id = your_aws_id_hosted_zone
aws_secret_access_key = your_aws_secret_hosted_zone
following problem:
My webpage example.eu works perfect with SSL connection certified by certbot with apache on ubuntu VPS. If I now enter www.example.eu Firefox says "Your connection is not secure" and "The certificate is only valid for example.eu". The domain is hosted with a different service-provider than the VPS.
First attempt was to direct A-records of the subdomain www.example.eu to the same IP (VPS) as example.eu. Same problem.
Next attempt was to create a CNAME-record for www.example.eu that directs to example.eu. Same problem.
Now I am out of ideas. What can I do?
Thanks in advance and best regards from Germany, Joachim
Ok, I got it now. Problem was with apache/certbot on the VPS:
I checked the virtual host:
sudo nano /etc/apache2/sites-available/example.eu.conf
it showed
ServerName example.eu
ServerAlias www.example.eu
So no issue here. But certbot seemed to be only configured for example.eu.
ls /etc/letsencrypt/live
So I had to
sudo certbot --apache -d www.example.eu
and configure the A-record of the www subdomain to point to the IP of the VPS and: works :)
I'm using pythonanywhere.com to host a website, and I bought a domain "aquienvoto.uy", in my dns provider I created the following CNAME record:
And I get the following error at pythonanywhere.com...
If I run dig command this is what I get...
www.aquienvoto.uy. 3600 IN CNAME webapp-543799.pythonanywhere.com.aquienvoto.uy.
What I'm doing wrong?
I got an answer from nic.com.uy, the domain provider. I was missing a '.' at the end, correct configuration is webapp-543799.pythonanywhere.com.
I have a domain bought from GoDaddy. I have set the custom name servers this
ns1.domain.com
ns2.domain.com
and set hostname
ns1 52.70.xxx.xxx(aws ip)
ns2 52.70.xxx.xxx (aws ip)
As I have installed WHM in my amazon aws instance. so In WHM, I have created an account and then went to Edit DNS Zone and added A records. These are my settings there
But I don't see my domain working and I am not able to see Cpanel of the domain as well.
what am I missing?
Please follow these steps to integrate your domain into whm and create a cpanel.
Create an account in WHM by going into Account Functions->Create Account: enter your domain here
Go to DNS Functions->Edit Dns Zone and click your domain and add A records
Then Go to Godaddy or any Company where you have purchased your domain and edit the name servers. For example if the nameservers you set in whm dns were ns1 and ns2 then same add here(e.g godaddy). In your case it would be
ns1.domain.com
ns2.domain.com
Click Manage hostname in Godaddy and add
ns1 52.70.xxx.xxx(aws ip)
ns2 52.70.xxx.xxx (aws ip)
Your domain should be working here. But If still It didn't work then
Check if ports(2087,2083,53,2095) are open. Check it from the terminal
nmap -Pn -sT 172.31.iphere --reason -p 2087,2083,2095,53
If any port is closed. Open it from the aws by going into Security Firewall.
Please note, 2083 and 2095 will always show as closed from external port scans as these ports are only opened publicly based on valid sessions established from within the cPanel server.
Verify again if your DNS port is opened
nmap -Pn -sT 172.31.iphere --reason -sU -p 53
After opening all the ports rebuilt your DNS configuration on the server by typing these commands on the terminal
cpanel root#9449099 /var/named]cPs# cd /etc
cpanel root#9449099 /etc]cPs# mkdir /root/cptechs
cpanel root#9449099 /etc]cPs# mv named.conf /root/cptechs
cpanel root#9449099 /etc]cPs# mv rndc.* /root/cptechs
cpanel root#9449099 /etc]cPs# /scripts/rebuilddnsconfig
Hope it helps
Are you using Nameservers for domain.com that are ns1/2.domain.com?
If this is the case the domain will not be able to resolve without adding the ns1/2. as "Child Nameservers".
You can create that for your domain through GoDaddy https://uk.godaddy.com/help/add-my-own-host-names-as-nameservers-12320
Alternatively - you can post your domain so we can troubleshoot it if it's a DNS issue.