DNS record for <domain> doesn't exist

Ok, so I’m setting up a second Hestia box (yay for me), but running into problems whenever trying to add a LE SSL certificate. I’ve read all the other forum posts about this error message, but not finding anything that fits the problem.

So far I’ve gotten the host SSL working using v-add-letsencrypt-host from SSH. I’ve added a few websites, each with their own DNS records but initially without SSL until the nameservers have updated. When editing the website record and attempting to add SSL via Let’s Encrypt, I’m getting ‘DNS record for doesn’t exist’ for every domain, including those with mail enabled where I’m trying to add SSL for mail too.

Given I didn’t hit these problems with the first Hestia box I set up last week (exactly same hardware / software spec), I’m wondering whether the DNS is somehow corrupt? Each domain definitely has a full set of DNS records on the same server.

The host DNS record is set up as child-ns and all the others are default. All sites are under the admin account. Could that be the issue?

Thanks,

Pete

DNS takes some time to update this…

Please check if the records have been updated

Hi Eris,

Yup, should have mentioned that I’d checked that. I’d waited for the whole world to give me a green tick before trying to add the SSL.

Thanks for super-fast reply, btw.

Pete

It does an nslookup domain.tld on your server to validate whether the record exists. I would suggest running it over SSH and validating the reply.

Hi ScIT,

Happy Christmas!

I tried v-add-letsencrypt-domain admin [domain] and it came back with
Error: DNS record for [domain] doesn’t exist

Pete

Ok, an nslookup [domain] comes back with:

Server:		127.0.0.53
Address:	127.0.0.53#53

** server can't find [domain]: SERVFAIL

But, this works:

nslookup google.com

Server: 127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
Name: google.com
Address: 172.217.20.78
Name: google.com
Address: 2a00:1450:400e:80a::200e

It’s a local DNS issue; I’d probably suggest using other, external DNS servers like Cloudflare or similar. Probably an nslookup domain.tld 1.1.1.1 would give a valid reply.
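The check ScIT describes above (a local nslookup, then the same name against an external resolver such as 1.1.1.1), plus Felix's later point that the record must point at the server's own IP, written out as an added example; this is not from the thread or from HestiaCP's scripts, and example.invalid and 203.0.113.10 are placeholder values.

```shell
# Classify captured nslookup output: ok | no-record | resolver-failure | unknown
classify_lookup() {
    if printf '%s\n' "$1" | grep -q SERVFAIL; then echo resolver-failure
    elif printf '%s\n' "$1" | grep -q NXDOMAIN; then echo no-record
    elif [ -n "$(resolved_addresses "$1")" ]; then echo ok
    else echo unknown
    fi
}
# Answer addresses only; the resolver's own "Address: 127.0.0.53#53" line is skipped.
resolved_addresses() {
    printf '%s\n' "$1" | grep -E '^Address:[[:space:]]+[^#]+$' |
        awk '{print $2}' | tr '\n' ' ' | sed 's/ $//'
}
# Succeeds if one of the answer addresses equals $2 (the server's own IP).
points_to() {
    for a in $(resolved_addresses "$1"); do
        [ "$a" = "$2" ] && return 0
    done
    return 1
}
# Live check of one name, like the lookup v-add-letsencrypt-domain does: local resolver
# vs. external one (default 1.1.1.1). Usage: check_name domain.tld 203.0.113.10 (placeholder IP)
check_name() {
    name=$1; server_ip=$2; ext=${3:-1.1.1.1}
    local_state=$(classify_lookup "$(nslookup "$name" 2>&1 || true)")
    ext_out=$(nslookup "$name" "$ext" 2>&1 || true)
    ext_state=$(classify_lookup "$ext_out")
    echo "$name: local=$local_state external($ext)=$ext_state"
    [ "$local_state" = resolver-failure ] && [ "$ext_state" = ok ] &&
        echo "  -> the local resolver is at fault, not the zone"
    [ "$ext_state" = ok ] && ! points_to "$ext_out" "$server_ip" &&
        echo "  -> record does not point at $server_ip: $(resolved_addresses "$ext_out")"
    return 0
}
# Constructed samples mirroring the two outputs quoted in the thread.
SERVFAIL_SAMPLE="Server:		127.0.0.53
Address:	127.0.0.53#53

** server can't find example.invalid: SERVFAIL"
OK_SAMPLE="Server:		127.0.0.53
Address:	127.0.0.53#53

Non-authoritative answer:
Name:	google.com
Address: 172.217.20.78
Name:	google.com
Address: 2a00:1450:400e:80a::200e"
```

Run check_name for the bare domain and for mail.domain.tld, since the mail checkbox needs both names to resolve to the server.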

Think you’re probably right. After adding Cloudflare I can add the Let’s Encrypt certificate using v-add-letsencrypt-domain - however, I can’t seem to add a cert to the mail domain (either through the Hestia GUI or v-add-letsencrypt-domain mail.domain.tld).

What is your error there?

Same as before - ‘DNS record for [domain] doesn’t exist’ in the GUI. On the command line I get ‘Error: web domain mail.domain.tld doesn’t exist’, but that’s unsurprising as ‘mail.’ isn’t a web domain (is there an equivalent to v-add-letsencrypt-domain to secure mail?).

Pete

As you are informed by this checkbox, please check that the DNS records exist:

You just don’t have any valid record for mail.domain.tld :slight_smile:.

Check how the mail is configured on our demo: https://demo.hestiacp.com:8083/edit/mail/?domain=hestiacp.xyz

Hi ScIT, but I do – and that’s what’s confusing. I set this second Hestia install up just like the first with default DNS entries when creating the zones (which includes mail. and webmail.) - works on my first server, not on the second. Exact same hardware & software config. Do you think it’s worth deleting the zone(s) and recreating them, or would that cause more problems than it’s intended to fix?

Pete

Have you created a DNS cluster? DNS zones only work if you have a DNS cluster and use it as the nameserver for your domain. It sounds more like you use an external provider for your DNS; you probably need to add them there.

Also check where the DNS record(s) are pointing at. They should point to the IP of the server, not just any IP.

Merry Christmas everyone!

Hi ScIT, not using a DNS cluster since the sites on server 1 are completely separate from server 2. I’m now using Cloudflare for everything but the host domain, and when you first set that up it copies the existing records - so it also has mail. & webmail., etc.

Felix - yup, definitely pointing at the correct IP :wink: And Merry Christmas!

Pete

BTW, the SOA on these DNS records is (now) set to Cloudflare’s nameserver. Is that the right thing to do?