This repository has been archived by the owner on Mar 3, 2023. It is now read-only.

No hosted zone found that matches domain or hostname #12

Open
mslinn opened this issue Feb 20, 2018 · 5 comments

@mslinn

mslinn commented Feb 20, 2018

Here is certbot53, a script I wrote to use this project:

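```bash
#!/bin/bash

# Uncomment to request certificates from the Let's Encrypt staging environment.
#STAGING=--staging
CERT_DIR=/etc/pound/certbot
DOMAIN=scalacourses.com
MAIL_ADDR='[email protected]'
SCRIPT_NAME=certbot-route53.sh

if [ ! -d "$CERT_DIR/letsencrypt" ]; then sudo mkdir -p "$CERT_DIR/letsencrypt"; fi
# World-writable so the unprivileged run below can write here;
# this directory ends up holding the private keys.
sudo chmod 777 "$CERT_DIR/letsencrypt"

cd "$CERT_DIR" || exit 1

# Download the hook script on first run.
if [ ! -f "$CERT_DIR/$SCRIPT_NAME" ]; then
  sudo curl -sL https://git.io/vylLx -o "$SCRIPT_NAME"
  sudo chmod a+x "$SCRIPT_NAME"
fi

# $STAGING is left unquoted on purpose so it expands to nothing when unset.
"./$SCRIPT_NAME" \
  --agree-tos \
  --manual-public-ip-logging-ok \
  --domains "$DOMAIN,www.$DOMAIN" \
  --renew-by-default \
  --email "$MAIL_ADDR" $STAGING

# Concatenate the private key and full chain into the single PEM file used by Pound.
PRIV_KEY="$CERT_DIR/letsencrypt/live/$DOMAIN/privkey.pem"
FULL_CHAIN="$CERT_DIR/letsencrypt/live/$DOMAIN/fullchain.pem"
COMBINED="$CERT_DIR/combined-for-pound.pem"
cat "$PRIV_KEY" "$FULL_CHAIN" | sudo tee "$COMBINED" > /dev/null
```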

I have a Route 53 public hosted zone called scalacourses.com. and it defines entries for scalacourses.com and www.scalacourses.com. Following is output from running the script. I do not understand the error messages:

  • No hosted zone found that matches domain com or hostname scalacourses.com
  • No hosted zone found that matches domain scalacourses.com or hostname www.scalacourses.com
```
./$SCRIPT_NAME \
  --agree-tos \
  --manual-public-ip-logging-ok \
  --domains $DOMAIN,www.$DOMAIN \
  --renew-by-default \
  --email $MAIL_ADDR $STAGING
+ ./certbot-route53.sh --agree-tos --manual-public-ip-logging-ok --domains scalacourses.com,www.scalacourses.com --renew-by-default --email [email protected] --staging
Saving debug log to /etc/pound/certbot/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for scalacourses.com
dns-01 challenge for www.scalacourses.com
Output from certbot-route53.sh:
No hosted zone found that matches domain com or hostname scalacourses.com

Hook command "/etc/pound/certbot/certbot-route53.sh" returned error code 1
Output from certbot-route53.sh:
No hosted zone found that matches domain scalacourses.com or hostname www.scalacourses.com

Hook command "/etc/pound/certbot/certbot-route53.sh" returned error code 1
Waiting for verification...
Cleaning up challenges
Output from certbot-route53.sh:
No hosted zone found that matches domain com or hostname scalacourses.com

Hook command "/etc/pound/certbot/certbot-route53.sh" returned error code 1
Output from certbot-route53.sh:
No hosted zone found that matches domain scalacourses.com or hostname www.scalacourses.com

Hook command "/etc/pound/certbot/certbot-route53.sh" returned error code 1
Failed authorization procedure. www.scalacourses.com (dns-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.www.scalacourses.com, scalacourses.com (dns-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.scalacourses.com

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.scalacourses.com
   Type:   connection
   Detail: DNS problem: NXDOMAIN looking up TXT for
   _acme-challenge.www.scalacourses.com

   Domain: scalacourses.com
   Type:   connection
   Detail: DNS problem: NXDOMAIN looking up TXT for
   _acme-challenge.scalacourses.com

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
```

@mslinn

mslinn commented Feb 21, 2018

I just discovered that #11 is the source of the problem, and the same error occurs a second time (on line 31) in the script:

```bash
printf -v QUERY 'HostedZones[?Name == `%s.`]|[?Config.PrivateZone != `false`].Id' "${DOMAIN}"
```

should be:

```bash
printf -v QUERY 'HostedZones[?Name == `%s.`]|[?Config.PrivateZone == `false`].Id' "${DOMAIN}"
```

I submitted PR #13 which could either be applied overtop #11, or in place of #11.

@kkraemer42

Hello,

unfortunately, I have this exact error with both of those lines already corrected.

```
dns-01 challenge for <extension.example.org>
Output from certbot-route53.sh:
No hosted zone found that matches domain <extension.example.org> or hostname <extension.example.org>
```

What could this be? I have a hosted zone named (staying in this example) "example.org.".

@kkraemer42

For me, hardcoding the right hosted zone made it work this time, so there seems to be a recognition error.

@mslinn

mslinn commented Mar 15, 2018

Without seeing your code I have no idea. Not volunteering to spend time doing that, however.

@zwolfinger

Any progress on fixing this? I'm running into the same thing
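The zone lookup discussed in this thread, as an added example that is not code from certbot-route53.sh or from any commenter: it keeps only public zones (the `Config.PrivateZone == false` condition from the Feb 21 comment) and walks up the hostname one label at a time, so both an apex name and a subdomain such as `extension.example.org` resolve to their parent zone. The function name `find_public_zone`, the row layout and the zone ids are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample rows, shaped like the text output of:
#   aws route53 list-hosted-zones \
#     --query 'HostedZones[].[Name,Config.PrivateZone,Id]' --output text
# Columns: zone name, PrivateZone flag, zone id. The ids are made-up placeholders.
SAMPLE_ZONES=$(printf '%s\t%s\t%s\n' \
  'scalacourses.com.' 'True'  '/hostedzone/ZPRIVATE0000001' \
  'scalacourses.com.' 'False' '/hostedzone/ZPUBLIC00000001' \
  'example.org.'      'False' '/hostedzone/ZPUBLIC00000002')

# find_public_zone HOSTNAME ZONE_ROWS   (hypothetical helper)
# Prints the id of the public zone whose name is the longest suffix of
# HOSTNAME. Returns 1 when no public zone matches.
find_public_zone() {
  candidate="${1%.}"   # tolerate a trailing dot on the input name
  zones="$2"
  while [ -n "$candidate" ]; do
    # Zone names carry a trailing dot; compare case-insensitively and
    # skip rows whose PrivateZone flag is anything other than false.
    id=$(printf '%s\n' "$zones" | awk -v name="$candidate." '
      tolower($1) == tolower(name) && tolower($2) == "false" { print $3; exit }')
    if [ -n "$id" ]; then
      printf '%s\n' "$id"
      return 0
    fi
    case "$candidate" in
      *.*) candidate="${candidate#*.}" ;;  # drop the leftmost label and retry
      *)   candidate="" ;;                 # no labels left: give up
    esac
  done
  return 1
}

# The names from this thread, checked against the constructed rows.
for host in scalacourses.com www.scalacourses.com extension.example.org; do
  printf '%s -> %s\n' "$host" "$(find_public_zone "$host" "$SAMPLE_ZONES")"
done
```

With the private copy of `scalacourses.com.` listed first, an inverted filter would pick the private zone, and the TXT record written there would never be visible to the public DNS lookup that dns-01 validation performs.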
