Let's Encrypt problem: NXDOMAIN looking up A for [domain name]
Posted: Sunday 09 September 2018 21:23
by sapnho
I want to install a Let's Encrypt certificate on my Domoticz Raspberry Pi and followed the instructions at
https://www.domoticz.com/wiki/Native_se ... ts_Encrypt.
However, when I want to create the certificate with
Code:
sudo /etc/letsencrypt/letsencrypt-auto certonly --webroot --email <your email> -d <your complete sub.domain name> -w <user home>/domoticz/www/
(email, URL and directory set) I always get this error message:
Any idea how I can get it right? Thanks!
Re: Let's Encrypt problem: NXDOMAIN looking up A for [domain name]
Posted: Sunday 09 September 2018 21:42
by EddyG
The A-record of your (sub)domain should point to your Domoticz server.
Re: Let's Encrypt problem: NXDOMAIN looking up A for [domain name]
Posted: Sunday 09 September 2018 22:04
by sapnho
I am using a DynDNS service and the A record points to the Fritzbox to which the RPi running Domoticz is connected. I guess that's not enough, is it?
Re: Let's Encrypt problem: NXDOMAIN looking up A for [domain name]
Posted: Monday 10 September 2018 8:35
by PaulWebster
Does it work without the "www." in front?
Re: Let's Encrypt problem: NXDOMAIN looking up A for [domain name]
Posted: Monday 10 September 2018 8:59
by sapnho
Unfortunately not. This is what I get in response without the "www".
Code:
sudo /etc/letsencrypt/letsencrypt-auto certonly --webroot --email <your email> -d mydomain.dnshome.de -w /home/pi/domoticz/www/
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mydomain.dnshome.de
Using the webroot path /home/pi/domoticz/www for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. mydomain.dnshome.de (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from
http://mydomain.dnshome.de/.well-known/ ... u9BOhss2Wo: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: mydomain.dnshome.de
Type: unauthorized
Detail: Invalid response from
http://mydomain.dnshome.de/.well-known/ ... u9BOhss2Wo:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
Re: Let's Encrypt problem: NXDOMAIN looking up A for [domain name]
Posted: Monday 10 September 2018 10:22
by PaulWebster
That looks better.
Have you done the 2 steps concerning temporarily forwarding http/https and verifying that your server is listening on both?
Re: Let's Encrypt problem: NXDOMAIN looking up A for [domain name]
Posted: Monday 10 September 2018 10:33
by sapnho
Hi Paul, thanks for your help!
"Have you done the 2 steps concerning temporarily forwarding http/https"
Could you elaborate on what I have to do here?
"and verifying that your server is listening on both?"
Does this refer to the router ports listening to both 443 and 8080? If so, yes.
Any setting in Domoticz itself that I should check?
Re: Let's Encrypt problem: NXDOMAIN looking up A for [domain name]
Posted: Monday 10 September 2018 12:10
by PaulWebster
The port forwarding part is referring to changing settings in your internet-facing router to tell it that inbound (from the internet including all hackers) connections to http (port 80 tcp) and https (port 443 tcp) should go to your Domoticz server.
The instructions say that this should be done temporarily while getting the certificated connection established.
If you left it set up then you would leave your Domoticz server open to the internet for everyone to play with.
Configuring port forwarding is different for each router so you need to find out how it is done for yours and turn it off afterwards.
Re: Let's Encrypt problem: NXDOMAIN looking up A for [domain name]
Posted: Monday 10 September 2018 12:14
by sapnho
Yes, I can confirm that port forwarding is set to 443 for HTTPS and 80 for HTTP on my router sending it to the IP of the Domoticz server.
It works fine when I access it, it just shows an insecure site, that's why I want to add a certificate to it.
Re: Let's Encrypt problem: NXDOMAIN looking up A for [domain name]
Posted: Monday 10 September 2018 13:38
by PaulWebster
Guessing here ... have you forwarded port 80 (outside) to port 8080 (your Domoticz server)?
Re: Let's Encrypt problem: NXDOMAIN looking up A for [domain name]
Posted: Monday 10 September 2018 17:28
by sapnho
PaulWebster wrote (Monday 10 September 2018 13:38):
"Guessing here ... have you forwarded port 80 (outside) to port 8080 (your Domoticz server)?"
Hmm, where would I do that?
Re: Let's Encrypt problem: NXDOMAIN looking up A for [domain name]
Posted: Monday 10 September 2018 17:48
by PaulWebster
Some routers allow the port number to be changed when setting up a port forwarding connection.
I suggest this because you say that your Domoticz is running http on port 8080 but you had a 404/NotFound response on port 80.
So it looks like you have a different web server/application listening on port 80.
If there was nothing listening there (80) then you could reconfigure Domoticz to use 80 instead of 8080.
Note - I am not an expert in Domoticz and I do not use a 3rd-party certificate with it so others with practical experience might have a better idea for you.
Re: Let's Encrypt problem: NXDOMAIN looking up A for [domain name]
Posted: Monday 10 September 2018 21:41
by sapnho
I have now tried both port 80 as well as 8080. Same error message. I am a bit clueless as to what to try next.
Re: Let's Encrypt problem: NXDOMAIN looking up A for [domain name]
Posted: Monday 10 September 2018 22:26
by sapnho
FIXED!!
I found a long thread where it turned out that the firewall was the culprit and that an actual Let's Encrypt connection was never established.
In my case: Little Snitch was running. Once disabled, it worked!
Re: Let's Encrypt problem: NXDOMAIN looking up A for [domain name]
Posted: Monday 10 September 2018 22:47
by PaulWebster
Good news.
How did you set the port forwarding in the end?
Re: Let's Encrypt problem: NXDOMAIN looking up A for [domain name]
Posted: Tuesday 11 September 2018 5:43
by sapnho
443 and 80.
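Added example, not part of any post in this thread: a pre-flight for the webroot http-01 check that tells apart the failure modes that came up above (the name does not resolve, a different web server answers with 404, nothing is reachable on the port). The function names, the loopback servers and the temporary directories are constructed for the demonstration.

```python
import functools, http.server, os, secrets, socket, tempfile, threading
import urllib.error, urllib.request

def preflight(host, webroot, port=80, timeout=5):
    """Drop a token under webroot and fetch it back the way an http-01 validator would."""
    try:
        socket.getaddrinfo(host, port)
    except socket.gaierror:
        return "dns-failure"      # name does not resolve (the NXDOMAIN case)
    chall_dir = os.path.join(webroot, ".well-known", "acme-challenge")
    os.makedirs(chall_dir, exist_ok=True)
    token = secrets.token_urlsafe(16)
    path = os.path.join(chall_dir, token)
    with open(path, "w") as f:
        f.write(token)
    url = f"http://{host}:{port}/.well-known/acme-challenge/{token}"
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy
    try:
        with opener.open(url, timeout=timeout) as resp:
            body = resp.read().decode(errors="replace").strip()
        return "ok" if body == token else "wrong-content"
    except urllib.error.HTTPError as e:
        return f"http-{e.code}"   # e.g. 404: some server answered, but not from this webroot
    except (urllib.error.URLError, OSError):
        return "unreachable"      # nothing listening, or a firewall dropped the connection
    finally:
        os.remove(path)           # never leave probe files in the webroot

def serve(directory):
    """Constructed stand-in web server: static files from `directory` on a free loopback port."""
    handler = functools.partial(http.server.SimpleHTTPRequestHandler, directory=directory)
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def demo():
    webroot, other = tempfile.mkdtemp(), tempfile.mkdtemp()
    right, wrong = serve(webroot), serve(other)
    results = {"same webroot": preflight("127.0.0.1", webroot, right.server_address[1]),
               "other server": preflight("127.0.0.1", webroot, wrong.server_address[1])}
    closed_port = wrong.server_address[1]
    wrong.shutdown(); wrong.server_close()
    results["nothing listening"] = preflight("127.0.0.1", webroot, closed_port)
    right.shutdown(); right.server_close()
    return results

if __name__ == "__main__":
    print(demo())
```

Against a real setup, call `preflight("<your complete sub.domain name>", "<user home>/domoticz/www")` from a machine outside the LAN, since the validator connects from the internet to port 80 and a check from inside does not exercise the router's forwarding or an outbound-filtering firewall.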