SSL Error using letsencrypt and self signed

Can't get SSL to work with Let's Encrypt (also fails on self-signed)

Error: Let’s Encrypt validation status 400 (bdd.com.au). Details: 400:“DNS problem: query timed out looking up A for www.bdd.com.au; no valid AAAA records found for www.bdd.com.au”

If I make an AAAA record and point it to the IP, the DNS seems to stop working using dnschecker

If you make a self-signed certificate: Error: SSL intermediate chain is not valid

DNS is stock standard, what Hestia makes when adding a domain

My nameservers are set on my registrar


Anyone have an idea how to get SSL working?

In Hestia you must replace the NS records ns1.com.au and ns2.com.au with the new ones: ns1.bdd.com.au and ns2.bdd.com.au. You must also add the A records for those new ns subdomains.

Regarding this issue, check this PR:


Thank you so much for your help. Strange it doesn't put the correct values up in the DNS zone. Pretty sure it used to a few years ago.


I can see that the NS records have been modified, but there’s no response when querying your server for the A records of your NS servers.

❯ dig @139.84.194.14 bdd.com.au ns +short
ns2.bdd.com.au.
ns1.bdd.com.au.

❯ dig @139.84.194.14 ns1.bdd.com.au a +short
[No output]

❯ dig @139.84.194.14 ns2.bdd.com.au a +short
[No output]

Also, the SOA record still lists ns1.com.au as the primary DNS server instead of ns1.bdd.com.au.

❯ dig @139.84.194.14 bdd.com.au soa +short
ns1.com.au. root.bdd.com.au. 2025100506 7200 3600 1209600 180
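
The checks made with dig in the reply above (an address record for each in-zone nameserver, an SOA primary that matches one of the NS names), plus a check that NS records name hosts rather than IPs, can be run offline against a zone listing. This is an added example, not part of the thread or Hestia's code; the zone contents, the example.test names and the 192.0.2.10 address are constructed.

```python
import ipaddress

# Constructed sample zone (example.test and 192.0.2.10 are placeholders, not the poster's data).
SAMPLE_ZONE = """\
example.test.      IN SOA ns1.old.test. root.example.test. 2025100506 7200 3600 1209600 180
example.test.      IN NS  ns1.example.test.
example.test.      IN NS  ns2.example.test.
example.test.      IN NS  192.0.2.10
ns1.example.test.  IN A   192.0.2.10
www.example.test.  IN A   192.0.2.10
"""

def parse(zone_text):
    """Return (owner, type, rdata fields) for each 'owner IN type rdata...' line."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop zone-file comments
        if len(fields) >= 4 and fields[1].upper() == "IN":
            records.append((fields[0].lower(), fields[2].upper(), fields[3:]))
    return records

def is_ip(text):
    try:
        ipaddress.ip_address(text.rstrip("."))
        return True
    except ValueError:
        return False

def check_zone(zone_text, origin):
    """List delegation problems for the zone apex 'origin' (fully qualified, trailing dot)."""
    origin = origin.lower()
    records = parse(zone_text)
    addressed = {o for o, t, _ in records if t in ("A", "AAAA")}
    ns_targets = [r[0].lower() for o, t, r in records if t == "NS" and o == origin]
    problems = []
    for target in ns_targets:
        if is_ip(target):
            problems.append(f"NS record points to an IP: {target}")
        elif target.endswith("." + origin) and target not in addressed:
            problems.append(f"no A/AAAA record for in-zone nameserver {target}")
    for o, t, r in records:
        if t == "SOA" and r[0].lower() not in ns_targets:
            problems.append(f"SOA primary {r[0]} is not one of the zone's NS names")
    return problems

if __name__ == "__main__":
    for problem in check_zone(SAMPLE_ZONE, "example.test."):
        print(problem)
```
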

Kinda odd

On the bright side, SSL is working now

NS records should not point to IPs. These records are wrong, just remove them:
