jed/certbot-route53

No hosted zone found that matches domain or hostname

Opened this issue · 5 comments

Here is certbot53, a script I wrote to use this project:

#!/bin/bash
# Wrapper around certbot-route53.sh: fetch the hook once, run certbot with the
# Route 53 dns-01 hook, then build the single PEM file that Pound expects.

#STAGING=--staging
CERT_DIR=/etc/pound/certbot
DOMAIN=scalacourses.com
MAIL_ADDR='mslinn@scalacourses.com'
SCRIPT_NAME=certbot-route53.sh

if [ ! -d "$CERT_DIR/letsencrypt" ]; then sudo mkdir -p "$CERT_DIR/letsencrypt"; fi
# 777 lets the unprivileged caller write here, but it also makes the directory
# that will hold privkey.pem world-writable; chown to the invoking user is safer.
sudo chmod 777 "$CERT_DIR/letsencrypt"

cd "$CERT_DIR" || exit 1

if [ ! -f "$CERT_DIR/$SCRIPT_NAME" ]; then
  sudo curl -sL https://git.io/vylLx -o "$SCRIPT_NAME"
  sudo chmod a+x "$SCRIPT_NAME"
fi

# $STAGING is deliberately unquoted so an empty value expands to nothing.
"./$SCRIPT_NAME" \
  --agree-tos \
  --manual-public-ip-logging-ok \
  --domains "$DOMAIN,www.$DOMAIN" \
  --renew-by-default \
  --email "$MAIL_ADDR" $STAGING

PRIV_KEY="$CERT_DIR/letsencrypt/live/$DOMAIN/privkey.pem"
FULL_CHAIN="$CERT_DIR/letsencrypt/live/$DOMAIN/fullchain.pem"
COMBINED="$CERT_DIR/combined-for-pound.pem"
# The combined file contains the private key, so create it with mode 0600
# before writing; tee alone would leave it with the default (world-readable) umask.
sudo install -m 600 /dev/null "$COMBINED"
cat "$PRIV_KEY" "$FULL_CHAIN" | sudo tee "$COMBINED" > /dev/null

I have a Route 53 public hosted zone called scalacourses.com. and it defines entries for scalacourses.com and www.scalacourses.com. Following is output from running the script. I do not understand the error messages:

  • No hosted zone found that matches domain com or hostname scalacourses.com
  • No hosted zone found that matches domain scalacourses.com or hostname www.scalacourses.com
./$SCRIPT_NAME \
  --agree-tos \
  --manual-public-ip-logging-ok \
  --domains $DOMAIN,www.$DOMAIN \
  --renew-by-default \
  --email $MAIL_ADDR $STAGING
+ ./certbot-route53.sh --agree-tos --manual-public-ip-logging-ok --domains scalacourses.com,www.scalacourses.com --renew-by-default --email mslinn@scalacourses.com --staging
Saving debug log to /etc/pound/certbot/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for scalacourses.com
dns-01 challenge for www.scalacourses.com
Output from certbot-route53.sh:
No hosted zone found that matches domain com or hostname scalacourses.com

Hook command "/etc/pound/certbot/certbot-route53.sh" returned error code 1
Output from certbot-route53.sh:
No hosted zone found that matches domain scalacourses.com or hostname www.scalacourses.com

Hook command "/etc/pound/certbot/certbot-route53.sh" returned error code 1
Waiting for verification...
Cleaning up challenges
Output from certbot-route53.sh:
No hosted zone found that matches domain com or hostname scalacourses.com

Hook command "/etc/pound/certbot/certbot-route53.sh" returned error code 1
Output from certbot-route53.sh:
No hosted zone found that matches domain scalacourses.com or hostname www.scalacourses.com

Hook command "/etc/pound/certbot/certbot-route53.sh" returned error code 1
Failed authorization procedure. www.scalacourses.com (dns-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.www.scalacourses.com, scalacourses.com (dns-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.scalacourses.com

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.scalacourses.com
   Type:   connection
   Detail: DNS problem: NXDOMAIN looking up TXT for
   _acme-challenge.www.scalacourses.com

   Domain: scalacourses.com
   Type:   connection
   Detail: DNS problem: NXDOMAIN looking up TXT for
   _acme-challenge.scalacourses.com

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

I just discovered that #11 is the source of the problem, and the same error occurs a second time (on line 31) in the script:

printf -v QUERY 'HostedZones[?Name == `%s.`]|[?Config.PrivateZone != `false`].Id' "${DOMAIN}"

should be:

printf -v QUERY 'HostedZones[?Name == `%s.`]|[?Config.PrivateZone == `false`].Id' "${DOMAIN}"

I submitted PR #13, which could be applied either on top of #11 or in place of #11.
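To see why the `!=` filter produces "No hosted zone found" for a public zone, here is an added example in Python (not the hook's own bash, and not code from jed/certbot-route53 or its author) that models the lookup against a constructed zone list. Assumptions: the zone entries and IDs are made up to resemble `aws route53 list-hosted-zones` output, and the walk from the full hostname up through its parent domains is inferred from the "domain X or hostname Y" messages above rather than copied from the hook.

```python
"""
Added example (not code from jed/certbot-route53 or its author): a plain-Python
model of the hosted-zone lookup, run against a constructed zone list, to show
the effect of the `!= false` (buggy) versus `== false` (fixed) filter.
"""

# Constructed sample, shaped like the HostedZones array that
# `aws route53 list-hosted-zones` returns. Zone IDs are made up.
HOSTED_ZONES = [
    {"Id": "/hostedzone/ZPUBLIC000001", "Name": "scalacourses.com.",
     "Config": {"PrivateZone": False}},
    {"Id": "/hostedzone/ZPUBLIC000002", "Name": "example.org.",
     "Config": {"PrivateZone": False}},
    {"Id": "/hostedzone/ZPRIVATE00001", "Name": "internal.example.org.",
     "Config": {"PrivateZone": True}},
]


def jmespath_query(domain, buggy=False):
    """The --query string the hook builds with printf; buggy=True gives the
    `!=` form from the issue, buggy=False the corrected `==` form."""
    op = "!=" if buggy else "=="
    return f"HostedZones[?Name == `{domain}.`]|[?Config.PrivateZone {op} `false`].Id"


def zone_filter(zone, buggy=False):
    """Python equivalent of the PrivateZone predicate in jmespath_query()."""
    private = zone["Config"]["PrivateZone"]
    # `!= false` keeps only private zones; `== false` keeps only public ones.
    return private is not False if buggy else private is False


def candidate_names(hostname):
    """Hostname followed by each parent domain, most specific first
    (assumption: this is the walk behind the "domain X or hostname Y" message)."""
    labels = hostname.rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def find_zone_id(zones, hostname, buggy=False):
    """Return (zone_id, matched_name) for the most specific zone that owns
    hostname and passes the filter, or None when nothing matches."""
    for name in candidate_names(hostname):
        ids = [z["Id"] for z in zones
               if z["Name"] == name + "." and zone_filter(z, buggy)]
        if ids:
            return ids[0], name
    return None


def explain(zones, hostname, buggy=False):
    """One line per lookup, mirroring the hook's failure message."""
    found = find_zone_id(zones, hostname, buggy)
    if found is None:
        return f"No hosted zone found for hostname {hostname}"
    zone_id, name = found
    return f"{hostname}: use zone {zone_id} ({name}.)"


if __name__ == "__main__":
    for host in ("scalacourses.com", "www.scalacourses.com", "extension.example.org"):
        print("buggy:", explain(HOSTED_ZONES, host, buggy=True))
        print("fixed:", explain(HOSTED_ZONES, host))
    # To check a real account, run the corrected query with the AWS CLI:
    print("aws route53 list-hosted-zones --query '%s' --output text"
          % jmespath_query("scalacourses.com"))
```

With the `!=` form every public zone is filtered out, so both `scalacourses.com` and `www.scalacourses.com` fall through to "no hosted zone found" even though `scalacourses.com.` exists; with `==` the walk stops at `scalacourses.com.` for both names. The last line prints the corrected `aws route53 list-hosted-zones --query` command so the same check can be run against a real account.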

Hello,

Unfortunately, I have this exact error with both of those lines already corrected.

dns-01 challenge for <extension.example.org> Output from certbot-route53.sh: No hosted zone found that matches domain <extension.example.org> or hostname <extension.example.org>

What could this be? I have a hosted zone named (staying in this example) "example.org.".

For me, hardcoding the right hosted zone made it work this time, so there seems to be a recognition error.

Without seeing your code I have no idea. Not volunteering to spend time doing that, however.

Any progress on fixing this? I'm running into the same thing