
How to renew my LetsEncrypt Lightsail cert - DNS out of whack?

0

I have been following the documentation to renew my SSL certificate.

When I run this:

sudo /opt/bitnami/letsencrypt/lego --tls --email="rbemail@gmail.com" --domains="rockybowls.com.au" --domains="www.rockybowls.com.au" --path="/opt/bitnami/letsencrypt" renew

I get the following error:

2024/11/12 13:37:22 error: one or more domains had a problem:[www.rockybowls.com.au] acme: error: 400 :: urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for www.rockybowls.com.au - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.rockybowls.com.au - check that a DNS record exists for this domain, url:

I have an A record for www.rockybowls.com.au pointing to my Lightsail instance IP.

What am I missing?

1 Answer
0

It appears that there might be an issue with your DNS configuration for the domain www.rockybowls.com.au. Even though you've set up an A record pointing to your Lightsail instance IP, the error message suggests that the DNS lookup is failing.

Here are a few steps you can take to troubleshoot and resolve this issue:

  1. Double-check your DNS records:

Verify that the A record for www.rockybowls.com.au is correctly set up in your DNS zone. Ensure you also have an A record for the root domain (rockybowls.com.au).

  2. Check DNS propagation:

Use online DNS lookup tools like dnschecker.org or whatsmydns.net to check if the records are visible from different locations. DNS changes can take up to 48 hours to fully propagate, so you may need to wait if changes were recently made.

  3. Verify your domain registration:

Make sure your domain registration is active and hasn't expired.

  4. Check for CNAME conflicts:

If you have a CNAME record for www.rockybowls.com.au, it might conflict with the A record. Remove any conflicting CNAME records.

  5. Test DNS resolution:

Use the 'nslookup' or 'dig' command to check if the domain resolves correctly from your local machine and other networks.

  6. Consider using the DNS challenge:

If the TLS challenge continues to cause issues, try using the DNS challenge method for Let's Encrypt certificate renewal instead.

If the issue persists after checking these points, you may need to contact your domain registrar or DNS provider for further assistance. They can help verify if there are any issues with your domain's DNS configuration. Remember that Let's Encrypt certificates are valid for 90 days, so it's important to resolve this issue before your current certificate expires to avoid any service interruptions.
Sources
Secure your Lightsail Nginx website with Let's Encrypt SSL/TLS - Amazon Lightsail
Enable encrypted communication for Lightsail resources with Let's Encrypt - Amazon Lightsail
View SSL/TLS certificates for Lightsail distributions - Amazon Lightsail

answered a year ago
AWS
SUPPORT ENGINEER
reviewed a year ago
AWS
SUPPORT ENGINEER
revised a year ago
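
Added example, not part of the original answer: the "Test DNS resolution" step run against each nameserver listed for the zone, with recursion off, so a cached or local result cannot hide an NXDOMAIN. The function names and the `DIG` override variable are assumptions of this example; it needs only `dig`.

```sh
#!/bin/sh
# Added example, not from the original post. DIG may be overridden for offline tests.
DIG=${DIG:-dig}

# rcode NAME TYPE SERVER: print the response code (NOERROR, NXDOMAIN, ...)
# that SERVER itself returns, without recursion.
rcode() (
  $DIG +norecurse +noall +comments "$1" "$2" "@$3" |
    sed -n 's/.*status: \([A-Z]*\).*/\1/p' | head -n 1
)

# answers NAME TYPE SERVER: print the record data SERVER returns, one per line.
answers() (
  $DIG +norecurse +short "$1" "$2" "@$3"
)

# check_name ZONE NAME: query every nameserver listed for ZONE and report
# whether it serves an A or AAAA answer for NAME. Exit status 1 if any does not.
check_name() (
  zone=$1 name=$2 bad=0
  nslist=$($DIG +short NS "$zone")
  if [ -z "$nslist" ]; then
    echo "FAIL $zone: no NS records found (delegation or registration problem)"
    exit 1
  fi
  for ns in $nslist; do
    rc=$(rcode "$name" A "$ns")
    addrs=$( { answers "$name" A "$ns"; answers "$name" AAAA "$ns"; } | tr '\n' ' ')
    if [ "$rc" = NOERROR ] && [ -n "$addrs" ]; then
      echo "ok   $name @$ns -> $addrs"
    else
      echo "FAIL $name @$ns rcode=${rc:-none} (no A/AAAA answer)"
      bad=1
    fi
  done
  exit $bad
)

# Usage, with the two names from the lego command above:
#   check_name rockybowls.com.au rockybowls.com.au
#   check_name rockybowls.com.au www.rockybowls.com.au
```

A FAIL line from every nameserver means the record is absent from the zone those servers actually serve; a FAIL from only some of them means the nameservers are out of sync.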
