Not able to set up SSL on Linode using certbot?
I have configured DNS, and when I do dig www.mydomain.com ANY I am able to see all the records: A, AAAA, CAA, etc.
Now if I do dig mydomain.com ANY I am getting a server timeout message. I am able to access the website on mydomain.com and www.mydomain.com. It is a React app with an NGINX server, for which I am trying to set up SSL using certbot.
certbot error message:
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: www.mydomain.com
Type: caa
Detail: CAA record for www.mydomain.com prevents issuance
Domain: mydomain.com
Type: dns
Detail: DNS problem: SERVFAIL looking up A for mydomain.com - the domain's nameservers may be malfunctioning; DNS problem: SERVFAIL looking up AAAA for mydomain.com - the domain's nameservers may be malfunctioning
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
7 Replies
✓ Best Answer
Thank you! :-)
You have two problems:
First, the zone in the Linode DNS manager is named "www.deferapp.com", but it should be named "deferapp.com". As it is, deferapp.com does not resolve, www.deferapp.com resolves, and even www.www.deferapp.com resolves.
I haven't tried it, but I think you can use the "Edit" button in the DNS manager to rename your zone. Failing that, I guess you could clone it and delete the old one.
Second, your CAA records prevent Let's Encrypt from issuing certificates.
www.deferapp.com. 86400 IN CAA 0 issue "www.deferapp.com"
www.deferapp.com. 86400 IN CAA 0 issue "deferapp.com"
The domain in the CAA issue record should be the domain of a CA you want to allow to issue certificates, not the domain you want to issue certificates for. For Let's Encrypt, you need:
0 issue "letsencrypt.org"
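What the answer's second point means in practice, as an added example (not part of the original answer and not any CA's own code): a simplified RFC 8659 check run over constructed dig-style records. Placing the corrected record at the zone apex is an assumption, and `issuewild` and critical flags are ignored.

```python
import re

# Constructed zone data in dig answer format: the two records quoted above,
# and a corrected record (assumed here to sit at the zone apex).
BROKEN = '''\
www.deferapp.com. 86400 IN CAA 0 issue "www.deferapp.com"
www.deferapp.com. 86400 IN CAA 0 issue "deferapp.com"
'''
FIXED = '''\
deferapp.com. 86400 IN CAA 0 issue "letsencrypt.org"
'''

CAA_LINE = re.compile(r'^(\S+)\s+\d+\s+IN\s+CAA\s+(\d+)\s+(\S+)\s+"([^"]*)"\s*$')

def parse_caa(text):
    """Return {owner: [(flags, tag, value), ...]} from dig-style lines."""
    zone = {}
    for line in text.splitlines():
        m = CAA_LINE.match(line.strip())
        if m:
            owner, flags, tag, value = m.groups()
            key = owner.lower().rstrip(".")
            zone.setdefault(key, []).append((int(flags), tag.lower(), value))
    return zone

def relevant_rrset(zone, fqdn):
    """Climb from fqdn toward the root; the first name with CAA records wins."""
    labels = fqdn.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if name in zone:
            return name, zone[name]
    return None, []

def may_issue(zone, fqdn, ca_domain):
    """True if ca_domain may issue a non-wildcard certificate for fqdn."""
    _, rrset = relevant_rrset(zone, fqdn)
    # The value is the CA's issuer domain, optionally followed by ";params".
    issuers = [v.split(";")[0].strip().lower() for _, tag, v in rrset if tag == "issue"]
    # No CAA records, or none with the issue tag: issuance is not restricted.
    return not issuers or ca_domain.lower() in issuers

if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, may_issue(parse_caa(text), "www.deferapp.com", "letsencrypt.org"))
```

A record at the apex also covers www, because the lookup climbs from the requested name to the nearest ancestor that has CAA records.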
What's your domain?
@mnordhoff0 mydomain.com
First, the zone in the Linode DNS manager is named "www.mydomain.com", but it should be named "mydomain.com". As it is, mydomain.com does not resolve, www.mydomain.com resolves, and even www.www.mydomain.com resolves.
I am not able to understand how come mydomain.com and www.mydomain.com are both working in the browser then?
Good question. I don't know.
If you just changed to Linode DNS, you might have cached DNS records from your previous provider.
Your browser might be rewriting deferapp.com to www.deferapp.com.
You might have it in your hosts file or something.
You might have it in your hosts file or something.
I think nginx by default is doing that, not sure.
If you just changed to Linode DNS, you might have cached DNS records from your previous provider.
No, nothing like that; doing everything for the first time :)
@mnordhoff0 If you don't mind, can you change the domain to mydomain.com? Thanks :)