certbot-route53

No hosted zone found that matches domain or hostname

Open mslinn opened this issue 7 years ago • 5 comments

Here is certbot53, a script I wrote to use this project:

#!/bin/bash

# Uncomment to use the Let's Encrypt staging environment
#STAGING=--staging
CERT_DIR=/etc/pound/certbot
DOMAIN=scalacourses.com
MAIL_ADDR='[email protected]'
SCRIPT_NAME=certbot-route53.sh

# This directory will hold private keys: make it owner-only, not world-writable
if [ ! -d "$CERT_DIR/letsencrypt" ]; then sudo mkdir -p "$CERT_DIR/letsencrypt"; fi
sudo chown "$(id -un)" "$CERT_DIR/letsencrypt"
sudo chmod 700 "$CERT_DIR/letsencrypt"

cd "$CERT_DIR" || exit 1

# Download the hook script once
if [ ! -f "$CERT_DIR/$SCRIPT_NAME" ]; then
  sudo curl -sL https://git.io/vylLx -o "$SCRIPT_NAME"
  sudo chmod a+x "$SCRIPT_NAME"
fi

# $STAGING is left unquoted so that it expands to nothing when unset
./"$SCRIPT_NAME" \
  --agree-tos \
  --manual-public-ip-logging-ok \
  --domains "$DOMAIN,www.$DOMAIN" \
  --renew-by-default \
  --email "$MAIL_ADDR" $STAGING

# Pound expects the private key and the certificate chain in one file
PRIV_KEY="$CERT_DIR/letsencrypt/live/$DOMAIN/privkey.pem"
FULL_CHAIN="$CERT_DIR/letsencrypt/live/$DOMAIN/fullchain.pem"
COMBINED="$CERT_DIR/combined-for-pound.pem"
cat "$PRIV_KEY" "$FULL_CHAIN" | sudo tee "$COMBINED" > /dev/null

I have a Route 53 public hosted zone called scalacourses.com. and it defines entries for scalacourses.com and www.scalacourses.com. Following is output from running the script. I do not understand the error messages:

  • No hosted zone found that matches domain com or hostname scalacourses.com
  • No hosted zone found that matches domain scalacourses.com or hostname www.scalacourses.com
./$SCRIPT_NAME \
  --agree-tos \
  --manual-public-ip-logging-ok \
  --domains $DOMAIN,www.$DOMAIN \
  --renew-by-default \
  --email $MAIL_ADDR $STAGING
+ ./certbot-route53.sh --agree-tos --manual-public-ip-logging-ok --domains scalacourses.com,www.scalacourses.com --renew-by-default --email [email protected] --staging
Saving debug log to /etc/pound/certbot/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for scalacourses.com
dns-01 challenge for www.scalacourses.com
Output from certbot-route53.sh:
No hosted zone found that matches domain com or hostname scalacourses.com

Hook command "/etc/pound/certbot/certbot-route53.sh" returned error code 1
Output from certbot-route53.sh:
No hosted zone found that matches domain scalacourses.com or hostname www.scalacourses.com

Hook command "/etc/pound/certbot/certbot-route53.sh" returned error code 1
Waiting for verification...
Cleaning up challenges
Output from certbot-route53.sh:
No hosted zone found that matches domain com or hostname scalacourses.com

Hook command "/etc/pound/certbot/certbot-route53.sh" returned error code 1
Output from certbot-route53.sh:
No hosted zone found that matches domain scalacourses.com or hostname www.scalacourses.com

Hook command "/etc/pound/certbot/certbot-route53.sh" returned error code 1
Failed authorization procedure. www.scalacourses.com (dns-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.www.scalacourses.com, scalacourses.com (dns-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.scalacourses.com

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.scalacourses.com
   Type:   connection
   Detail: DNS problem: NXDOMAIN looking up TXT for
   _acme-challenge.www.scalacourses.com

   Domain: scalacourses.com
   Type:   connection
   Detail: DNS problem: NXDOMAIN looking up TXT for
   _acme-challenge.scalacourses.com

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

mslinn, Feb 20 '18 18:02

I just discovered that #11 is the source of the problem, and the same error occurs a second time (on line 31) in the script:

printf -v QUERY 'HostedZones[?Name == `%s.`]|[?Config.PrivateZone != `false`].Id' "${DOMAIN}"

should be:

printf -v QUERY 'HostedZones[?Name == `%s.`]|[?Config.PrivateZone == `false`].Id' "${DOMAIN}"

I submitted PR #13, which could either be applied on top of #11 or in place of #11.

mslinn, Feb 21 '18 22:02

Hello,

unfortunately, I have this exact error with both of those lines already corrected.

dns-01 challenge for <extension.example.org>
Output from certbot-route53.sh:
No hosted zone found that matches domain <extension.example.org> or hostname <extension.example.org>

What could this be? I have a hosted zone named (staying in this example) "example.org.".

kkraemer42, Mar 12 '18 15:03

For me, hardcoding the right hosted zone made it work this time, so there seems to be a recognition error.

kkraemer42, Mar 13 '18 08:03

Without seeing your code I have no idea. Not volunteering to spend time doing that, however.

mslinn, Mar 15 '18 00:03

Any progress on fixing this? I'm running into the same thing.

zwolfinger, May 10 '18 15:05
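
The zone lookup this thread is about, as an added example (not code from certbot-route53 or from any commenter): walk the hostname label by label and take the first public hosted zone whose name matches, so that `www.example.org` and deeper names land in the `example.org.` zone. The zone list, the Ids and the function name `find_public_zone` are constructed for illustration; a real list would come from `aws route53 list-hosted-zones`.

```shell
#!/bin/sh
# Added example, not the project's code: choose the hosted zone that should
# receive the _acme-challenge TXT record for a hostname.

# Constructed sample, one zone per line as "Name PrivateZone Id".
# The private example.org. zone is listed first on purpose: it must be skipped.
SAMPLE_ZONES='example.org. true /hostedzone/ZPRIVATE000001
example.org. false /hostedzone/ZPUBLIC0000001
internal.example.org. true /hostedzone/ZPRIVATE000002
example.net. false /hostedzone/ZPUBLIC0000002'

# find_public_zone HOSTNAME ZONES
# Prints the Id of the longest-suffix public zone; exit status 1 if none match.
# The body is a subshell, so its variables do not leak into the caller.
find_public_zone() (
  candidate=$(printf '%s' "$1" | tr 'A-Z' 'a-z')   # DNS names are case-insensitive
  candidate=${candidate%.}                         # accept a fully qualified name
  zones=$2
  while [ -n "$candidate" ]; do
    while read -r name private id; do
      # Route 53 zone names end with a dot. Private zones are only resolvable
      # inside their VPCs, so the ACME server can never see records in them.
      if [ "$name" = "${candidate}." ] && [ "$private" = "false" ]; then
        printf '%s\n' "$id"
        exit 0
      fi
    done <<EOF
$zones
EOF
    # No public zone at this level: strip the leftmost label and try the parent.
    case "$candidate" in
      *.*) candidate=${candidate#*.} ;;
      *)   candidate="" ;;
    esac
  done
  exit 1
)

# The apex and any name below it resolve to the same public zone.
find_public_zone "www.example.org" "$SAMPLE_ZONES"   # prints /hostedzone/ZPUBLIC0000001
```
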