
DNS error when setting up SSL using Let's Encrypt


#1

I am installing ERPNext following the instructions below: https://github.com/tkosin/ERPNext-GCP-Installation/tree/f6f47b4e88601e6ebb923b8df19887447c1a5d21
I have problems when setting up SSL using Let’s Encrypt.
This is the result when I run the command: “sudo bench setup lets-encrypt erp.site.io”
Help me! Thank you!

bench@instance-1:~/erpnext$ bench config dns_multitenant on
bench@instance-1:~/erpnext$ sudo bench setup lets-encrypt erp.site.io
Running this will stop the nginx service temporarily causing your sites to go offline
Do you want to continue? [y/N]: y
INFO:bench.utils:sudo systemctl stop nginx
INFO:bench.utils:/opt/certbot-auto --config /etc/letsencrypt/configs/erp.site.io.cfg certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for erp.site.io
Waiting for verification…
Challenge failed for domain erp.site.io
http-01 challenge for erp.site.io
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: erp.site.io
    Type: connection
    Detail: dns :: DNS problem: NXDOMAIN looking up A for erp.site.io

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.
INFO:bench.utils:sudo systemctl start nginx
There was a problem trying to setup SSL for your site
bench@instance-1:~/erpnext$ bench enable-scheduler
Enabled for erp.site.io


#2

The NXDOMAIN is a DNS message type received by the DNS resolver (i.e. client) when a request to resolve a domain is sent to the DNS and cannot be resolved to an IP address. An NXDOMAIN error message means that the domain does not exist.

Could you post your DNS configuration?
It looks like there is a misconfiguration in your DNS.

If I try to “dig” your site:

; <<>> DiG 9.10.6 <<>> erp.site.io -t A
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 17320
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;erp.site.io.			IN	A

;; AUTHORITY SECTION:
site.io.		900	IN	SOA	ns-498.awsdns-62.com. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

;; Query time: 190 msec
;; SERVER: 10.0.100.1#53(10.0.100.1)
;; WHEN: Tue Mar 26 20:52:05 CST 2019
;; MSG SIZE  rcvd: 121
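
The dig output above can be read mechanically: the `status:` field in the header is the answer code, and the SOA record in the AUTHORITY section shows that the parent zone site.io answered and holds no erp record. The script below is an added example, not part of the original posts; the function name `dig_verdict`, the second sample and the address 203.0.113.10 (a documentation address standing in for the server's public IP) are assumptions.

```shell
#!/bin/sh
# Added example: classify `dig <name> -t A` output before running certbot.
# Usage (live): dig erp.site.io -t A | dig_verdict <expected public IP>

dig_verdict() {  # $1 = IP address the A record should contain
    awk -v want="$1" '
        /->>HEADER<<-/ {                      # header line carries the status
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; [A-Z]+ SECTION:/ { section = $2; next }
        /^;/ || NF == 0 { next }              # skip comments and blank lines
        section == "ANSWER" && $4 == "A" { addrs = (addrs == "" ? "" : addrs " ") $5 }
        section == "AUTHORITY" && $4 == "SOA" { zone = $1 }
        END {
            if (status == "NXDOMAIN") { print "nxdomain zone=" zone; exit }
            if (status != "NOERROR")  { print "error status=" status; exit }
            if (addrs == "")          { print "nodata zone=" zone; exit }
            n = split(addrs, a, " ")
            for (i = 1; i <= n; i++) if (a[i] == want) { print "ok " want; exit }
            print "mismatch got=" addrs
        }'
}

# Constructed sample 1: the header and sections from the reply above.
SAMPLE_NXDOMAIN=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 17320
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;erp.site.io. IN A
;; AUTHORITY SECTION:
site.io. 900 IN SOA ns-498.awsdns-62.com. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400'

# Constructed sample 2: a healthy reply for a hypothetical name whose A record
# points at the documentation address 203.0.113.10.
SAMPLE_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;erp.example.test. IN A
;; ANSWER SECTION:
erp.example.test. 300 IN A 203.0.113.10'

printf '%s\n' "$SAMPLE_NXDOMAIN" | dig_verdict 203.0.113.10
printf '%s\n' "$SAMPLE_OK"       | dig_verdict 203.0.113.10
printf '%s\n' "$SAMPLE_OK"       | dig_verdict 198.51.100.7
```

Only an `ok` verdict means the http-01 challenge has a name it can reach; `nxdomain` and `nodata` point at a missing record in the zone, and `mismatch` at a record that sends the validation request to another machine.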

#3

@fromthestone
Can you explain this part?
I don’t understand.
; <<>> DiG 9.10.6 <<>> erp.site.io -t A
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 17320
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;erp.site.io. IN A

;; AUTHORITY SECTION:
site.io. 900 IN SOA ns-498.awsdns-62.com. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

;; Query time: 190 msec
;; SERVER: 10.0.100.1#53(10.0.100.1)
;; WHEN: Tue Mar 26 20:52:05 CST 2019
;; MSG SIZE rcvd: 121


#4

@fromthestone
Do I register domain names before doing so?


#5

Yes, LE expects that domain name to already be registered.

For example site.io must be publicly accessible to respond to ping.

Read about the dns challenge here https://letsencrypt.org/docs/challenge-types/

Here are sanity checks for you to be aware of

"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
"


#6

@clarkej
Thank you very much !
I understand.


#7

If you just want to try a local installation, name a site, for example, site1.local, and add this site to your hosts file.

Edit the C:\Windows\System32\drivers\etc\hosts file if you use Windows, and add:
127.0.0.1 site1.local
This lets you use your local site without any DNS name resolution.


#8

Will this also work for letsencrypt?


#9

No, it cannot.
Let’s Encrypt only works with “real domain names” such as facebook.com and not with facebook.local.

Take a look at domain names, so you can better understand the problem you are facing:
https://www.website.com/beginnerguide/domainnames/8/1/what-is-a-domain-name

and domain TLDs:


#10

OK. Thank you @fromthestone
I used Bitnami to deploy ERPNext on Google Cloud and it worked.
How do I add modules on ERPNext?
I want to add the Education module.
Thank you.


#11

BTW, if you want to test SSL on a locally hosted server, you can use a self-signed certificate.