Let's Encrypt problem: NXDOMAIN looking up A for [domain name] Topic is solved

On various Hardware and OS systems: pi / windows / routers / nas, etc
sapnho
Posts: 52
Joined: Monday 27 August 2018 17:49
Target OS: Raspberry Pi
Domoticz version: V4.9962
Location: Frankfurt am Main
Contact:

Let's Encrypt problem: NXDOMAIN looking up A for [domain name]

Post by sapnho » Sunday 09 September 2018 21:23

I want to install a Let's Encrypt certificate on my Domoticz Raspberry Pi and followed the instructions at https://www.domoticz.com/wiki/Native_se ... ts_Encrypt.

However when I want to create the certificate with

sudo /etc/letsencrypt/letsencrypt-auto certonly --webroot --email <your email> -d <your complete sub.domain name> -w <user home>/domoticz/www/
(email, URL and directory set) I always get this error message:
IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: www.mydomain.dnshome.de
Type: None
Detail: DNS problem: NXDOMAIN looking up A for
www.mydomain.dnshome.de
Any idea how I can get it right? Thanks!

EddyG
Posts: 313
Joined: Monday 02 November 2015 6:54
Target OS: Raspberry Pi
Domoticz version: 4.9999
Location: Rhenen, Netherlands
Contact:

Re: Let's Encrypt problem: NXDOMAIN looking up A for [domain name]

Post by EddyG » Sunday 09 September 2018 21:42

The A-record of your (sub)domain should point to your Domoticz server.
Regards,
Eddy

Re: Let's Encrypt problem: NXDOMAIN looking up A for [domain name]

Post by sapnho » Sunday 09 September 2018 22:04

I am using a DynDNS service and the A record points to the Fritzbox to which the RPi on which Domoticz is running is connected. I guess that's not enough, is it? :?

PaulWebster
Posts: 8
Joined: Saturday 06 May 2017 18:32
Target OS: Raspberry Pi
Domoticz version:
Contact:

Re: Let's Encrypt problem: NXDOMAIN looking up A for [domain name]

Post by PaulWebster » Monday 10 September 2018 8:35

Does it work without the "www." in front?

Re: Let's Encrypt problem: NXDOMAIN looking up A for [domain name]

Post by sapnho » Monday 10 September 2018 8:59

Unfortunately not. This is what I get in response without the "www".

sudo /etc/letsencrypt/letsencrypt-auto certonly --webroot --email myemail@gmail.com -d mydomain.dnshome.de -w /home/pi/domoticz/www/
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mydomain.dnshome.de
Using the webroot path /home/pi/domoticz/www for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. mydomain.dnshome.de (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mydomain.dnshome.de/.well-known/ ... u9BOhss2Wo: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"

IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: mydomain.dnshome.de
Type: unauthorized
Detail: Invalid response from
http://mydomain.dnshome.de/.well-known/ ... u9BOhss2Wo:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

Re: Let's Encrypt problem: NXDOMAIN looking up A for [domain name]

Post by PaulWebster » Monday 10 September 2018 10:22

That looks better.

Have you done the 2 steps concerning temporarily forwarding http/https and verifying that your server is listening on both?

Re: Let's Encrypt problem: NXDOMAIN looking up A for [domain name]

Post by sapnho » Monday 10 September 2018 10:33

Hi Paul, thanks for your help!

> Have you done the 2 steps concerning temporarily forwarding http/https

Could you elaborate what I have to do here?

> and verifying that your server is listening on both?

Does this refer to the router ports listening to both 443 and 8080? If so, yes.

Any setting in Domoticz itself that I should check?

Re: Let's Encrypt problem: NXDOMAIN looking up A for [domain name]

Post by PaulWebster » Monday 10 September 2018 12:10

The port forwarding part is referring to changing settings in your internet-facing router to tell it that inbound (from the internet including all hackers) connection to http (port 80 tcp) and https (port 443 tcp) should go to your Domoticz server.
The instructions say that this should be done temporarily while getting the certificated connection established.
If you left it set up then you would leave your Domoticz server open to the internet for everyone to play with.

Configuring port forwarding is different for each router so you need to find out how it is done for yours and turn it off afterwards.

Re: Let's Encrypt problem: NXDOMAIN looking up A for [domain name]

Post by sapnho » Monday 10 September 2018 12:14

Yes, I can confirm that port forwarding is set to 443 for HTTPS and 80 for HTTP on my router sending it to the IP of the Domoticz server.

It works fine when I access it, it just shows an insecure site, that's why I want to add a certificate to it.

Re: Let's Encrypt problem: NXDOMAIN looking up A for [domain name]

Post by PaulWebster » Monday 10 September 2018 13:38

Guessing here ... have you forwarded port 80 (outside) to port 8080 (your Domoticz server)?

Re: Let's Encrypt problem: NXDOMAIN looking up A for [domain name]

Post by sapnho » Monday 10 September 2018 17:28

PaulWebster wrote (Monday 10 September 2018 13:38):
> Guessing here ... have you forwarded port 80 (outside) to port 8080 (your Domoticz server)?

Hmm, where would I do that?

Let's Encrypt problem: NXDOMAIN looking up A for [domain name]

Post by PaulWebster » Monday 10 September 2018 17:48

Some routers allow the port number to be changed when setting up a port forwarding connection.

I suggest this because you say that your Domoticz is running http on port 8080 but you had a 404/NotFound response on port 80.
So it looks like you have a different web server/application listening on port 80.
If there was nothing listening there (80) then you could reconfigure Domoticz to use 80 instead of 8080.

Note - I am not an expert in Domoticz and I do not use a 3rd-party certificate with it so others with practical experience might have a better idea for you
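
The 404 diagnosis in the post above can be checked locally before asking Let's Encrypt again. The following Python sketch is an added example, not part of the original post or of the Domoticz wiki: it writes a probe file under the webroot's `.well-known/acme-challenge/` directory and fetches it back over HTTP. The function name `preflight` and its parameters are assumptions made for this illustration.

```python
import http.client
import os
import secrets
import socket

CHALLENGE_DIR = ".well-known/acme-challenge"  # path the http-01 challenge is fetched from


def preflight(domain, webroot, port=80, timeout=5):
    """Return (ok, reason): can a file written under `webroot` be fetched
    from http://domain:port/.well-known/acme-challenge/ ?"""
    # Step 1: the name must resolve at all (the NXDOMAIN case in the thread).
    try:
        socket.getaddrinfo(domain, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return False, f"dns: {domain} does not resolve ({exc})"

    # Step 2: write a random probe file where the webroot plugin would put the token.
    token = "preflight-" + secrets.token_hex(8)
    body = secrets.token_hex(16)
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, token)
    with open(path, "w") as fh:
        fh.write(body)

    # Step 3: fetch it the way the validation server would, then always clean up.
    try:
        conn = http.client.HTTPConnection(domain, port, timeout=timeout)
        try:
            conn.request("GET", f"/{CHALLENGE_DIR}/{token}")
            resp = conn.getresponse()
            data = resp.read().decode("utf-8", "replace")
        finally:
            conn.close()
    except (OSError, http.client.HTTPException) as exc:
        return False, f"connect: nothing usable on {domain}:{port} ({exc})"
    finally:
        os.remove(path)

    # A 404 here means whatever answers on this port is not serving `webroot`
    # (another web server on port 80, or the wrong -w directory).
    if resp.status != 200:
        return False, f"http {resp.status}: port {port} is not served from {webroot}"
    if data.strip() != body:
        return False, "content: a different file was served"
    return True, "ok"
```

Run on the Pi itself, this only confirms that the server answering on the given port serves the given webroot; it does not prove that the router forwards port 80 from the internet or that a firewall lets the validation request through.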

Re: Let's Encrypt problem: NXDOMAIN looking up A for [domain name]

Post by sapnho » Monday 10 September 2018 21:41

I have now tried both port 80 as well as 8080. Same error message. I am a bit clueless as to what to try next.

Re: Let's Encrypt problem: NXDOMAIN looking up A for [domain name]

Post by sapnho » Monday 10 September 2018 22:26

FIXED!!

I found a long thread where it turned out that the firewall was the culprit and that an actual Let's Encrypt connection was never established.

In my case: Little Snitch was running. Once disabled, it worked! :D

Re: Let's Encrypt problem: NXDOMAIN looking up A for [domain name]

Post by PaulWebster » Monday 10 September 2018 22:47

Good news.
How did you set the port forwarding in the end?

Re: Let's Encrypt problem: NXDOMAIN looking up A for [domain name]

Post by sapnho » Tuesday 11 September 2018 5:43

443 and 80.
