Unable to get certificate for my subdomain api.aerohyre.com


While using Certbot I got the error:

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Domain: api.aerohyre.com
  Type: dns
  Detail: DNS problem: SERVFAIL looking up A for api.aerohyre.com - the domain's nameservers may be malfunctioning; DNS problem: SERVFAIL looking up AAAA for api.aerohyre.com - the domain's nameservers may be malfunctioning

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed. Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.


I have already created a DNS record in Route 53.

asked a year ago, 1381 views
2 Answers

Just to confirm, the screengrab is the R53 record for the hosted zone aerohyre.com, right?

The NS records for api.aerohyre.com are essentially delegating management of the subdomain to the hosted zone of that name. This means that the A record for api.aerohyre.com in the screengrab will never get referenced.

I believe that in the hosted zone for api.aerohyre.com you need to create an A record for the naked domain and point it to the IP address, then things should work the way you want them to.

There's a good knowledge article on creating subdomains here https://repost.aws/knowledge-center/create-subdomain-route-53 and accompanying video here https://www.youtube.com/watch?v=YHBnLJiKv0M&t=3s

answered a year ago

As per RWC^^

Delete the NS records for api.aerohyre.com; it is not a valid record and is conflicting with your A record for api.aerohyre.com because you're trying to treat it as a subdomain in the same zone.

If you want api as a sub zone you will need to create a new Route 53 zone called api.aerohyre.com and point the NS records in aerohyre.com to the new nameservers of the api zone. There you can create the A record.

answered a year ago
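
Added example, not part of either answer or of AWS's own code: a Python check for the condition both answers describe, an NS set in the parent zone that hides other records at or below the same name. The input shape follows the `ResourceRecordSets` list from Route 53's ListResourceRecordSets API; the function name, nameserver names and IP addresses are constructed for illustration.

```python
# Flag records hidden behind an NS delegation inside one hosted zone.
# All sample values in SAMPLE_ZONE are constructed, not taken from the post.

def _norm(name):
    """Lower-case a DNS name and make sure it ends with a dot."""
    name = name.lower()
    return name if name.endswith(".") else name + "."

def find_occluded_records(zone_apex, record_sets):
    """Return sorted (delegation_point, record_name, record_type) tuples for
    records at or below a delegated name, which this zone never answers."""
    apex = _norm(zone_apex)
    cuts = {}  # delegated name -> set of nameserver targets
    for rs in record_sets:
        name = _norm(rs["Name"])
        if rs["Type"] == "NS" and name != apex:
            targets = {_norm(r["Value"]) for r in rs.get("ResourceRecords", [])}
            cuts.setdefault(name, set()).update(targets)

    findings = []
    for rs in record_sets:
        name, rtype = _norm(rs["Name"]), rs["Type"]
        for cut, targets in cuts.items():
            if name != cut and not name.endswith("." + cut):
                continue  # record is outside this delegation
            if name == cut and rtype in ("NS", "DS"):
                continue  # the delegation itself (DS belongs to the parent)
            if rtype in ("A", "AAAA") and name in targets:
                continue  # glue for a nameserver inside the delegated zone
            findings.append((cut, name, rtype))
    return sorted(findings)

# Constructed sample: the parent zone holds both an NS set and an A record
# for api.aerohyre.com, the situation the answers describe.
SAMPLE_ZONE = [
    {"Name": "aerohyre.com.", "Type": "NS",
     "ResourceRecords": [{"Value": "ns1.example.net."}]},
    {"Name": "aerohyre.com.", "Type": "A",
     "ResourceRecords": [{"Value": "203.0.113.5"}]},
    {"Name": "api.aerohyre.com.", "Type": "NS",
     "ResourceRecords": [{"Value": "ns2.example.net."}]},
    {"Name": "api.aerohyre.com.", "Type": "A",
     "ResourceRecords": [{"Value": "203.0.113.10"}]},
]

if __name__ == "__main__":
    for cut, name, rtype in find_occluded_records("aerohyre.com", SAMPLE_ZONE):
        print(f"{rtype} {name} is hidden by the NS delegation at {cut}")
```

A non-empty result means resolvers are being referred to the delegated nameservers for that name, so the flagged record is never served from the parent zone.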
