Debian LAMP ISPConfig Fresh Install, Not Resolving Domain Correctly

Discussion in 'ISPConfig 3 Priority Support' started by yupthatguy, Apr 7, 2021.

  1. till

    till Super Moderator Staff Member ISPConfig Developer

    The problem is that LE could not reach your server to verify the cert. Check IPv4 and IPv6 DNS records of your server hostname and ensure they point to the right IP address. Then check if there is a router or firewall in front of the server and take care that ports 80 and 443 are open so that your server can be reached from these ports from the internet.
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Yes, it is not logged on install/update.
    Did you open port 80 in the firewall(s)? Is your webserver running?
    Just a note, please use example.com as replacement for your domain in your comments.
     
  3. yupthatguy

    yupthatguy Member

    These screenshots show that ports 80 and 443 (among others) are open.
    https://i.imgur.com/z8oPla0.png
    https://i.imgur.com/xnbejT9.png

    This screenshot shows the output of the #dig example.com command. An A record for my example.com appears to exist, but doesn't show an actual IP address. (I do not want to support IPv6, so didn't bother creating an AAA record for it.)

    https://i.imgur.com/2XAbuEN.png

    However, it should be noted that https://www.intodns.com still shows that an A record can't be found.

    https://i.imgur.com/AjO50Qk.png

    Could this be a matter of waiting for caches to be updated?
     
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    My signature has a link to a DNS tutorial, which explains how to test name service info directly from the authoritative name server. Then you do not have to wait for caches to expire or DNS info to propagate.
    So test that the A record really really does exist on the authoritative name server.
     
  5. yupthatguy

    yupthatguy Member

  6. yupthatguy

    yupthatguy Member

    Ok.. I will skip ahead and test the DNS according to your tutorial
     
  7. yupthatguy

    yupthatguy Member

    Sure enough... according to your brief dig output explanation... my DNS still isn't working correctly as no ip address or nameserver appears.... time to contact alibaba.... again.. o_O
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes, LE will not issue a cert unless DNS is working for the hostname.
     
  9. yupthatguy

    yupthatguy Member

    quickie question:

    As I try to configure A records in ISPConfig, it keeps suggesting my internal/private IP rather than my public IP. My public IP is used by AlibabaDNS. So just want to confirm whether I should use the public IP or the private IP as suggested by ISPConfig.
     
  10. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    You should use the public IP. We are currently working on improvements for the suggestions.

    But if Alibaba is your DNS provider, there should be no zone in ISPConfig.
     
  11. yupthatguy

    yupthatguy Member

    For the moment Alibaba is the DNS provider, while I get everything configured. Once the nameservers are configured correctly I want to switch to my nameservers for branding... thanks for the quickie answer. :)
     
  12. yupthatguy

    yupthatguy Member

    Ok... ever more confused.

    dig @public-ip example.tld now shows an A record and ip address
    Code:
    root@server1:~# dig @public-ip example.tld
    
    ; <<>> DiG 9.11.5-P4-5.1+deb10u3-Debian <<>> @public-ip example.tld
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 31016
    ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
    ;; WARNING: recursion requested but not available
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ; COOKIE: 72535d00a9cd5d37f109e655606f022ee25c218e1ad6c156 (good)
    ;; QUESTION SECTION:
    ;example.tld.        IN    A
    
    ;; Query time: 2 msec
    ;; SERVER: public-ip#53(public-ip)
    ;; WHEN: Thu Apr 08 21:16:30 CST 2021
    ;; MSG SIZE  rcvd: 77
    
    https://www.intodns.com now shows -zero- errors
    uploaded screenshot

    So I ran:
    Code:
    ispconfig_update.sh --force
    
    to reinstall SSL certificate.... still -failed-

    Code:
    Create new ISPConfig SSL certificate (yes,no) [no]: yes
    
    Checking / creating certificate for server1.example.com
    Using certificate path /root/.acme.sh/server1.example.com
    Using apache for certificate validation
    acme.sh is installed, overriding certificate path to use /root/.acme.sh/server1.example.com
    [Thu 08 Apr 2021 09:11:05 PM CST] server1.example.com:Verify error:Fetching http://server1.example.com/.well-known/acme-challenge/s1PlDR6XhUGckUiR5Vb2F0knhMwGqi4nPi0mD4oLvhY: Connection refused
    [Thu 08 Apr 2021 09:11:05 PM CST] Please add '--debug' or '--log' to check more details.
    [Thu 08 Apr 2021 09:11:05 PM CST] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
    Issuing certificate via acme.sh failed. Please check that your hostname can be verified by letsencrypt
    Could not issue letsencrypt certificate, falling back to self-signed.
    
    going for a walk..
     

  13. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    I don't see that in your dig result, I see that the DNS server refused your query.
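
An added example, not part of the thread or of ISPConfig: a small shell function that reads the header of a `dig` response and reports the status, the answer count and whether the `aa` (authoritative) flag is set, which is the distinction at issue in the output above. The first sample reuses the header lines from that output; the second sample and the `dig_verdict` name are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify dig output by its header fields.
# dig_verdict is a hypothetical helper name; it reads dig output on stdin.
dig_verdict() {
    awk '
        /->>HEADER<<-/ {
            # status is the rcode the queried server returned
            for (i = 1; i <= NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {
            # flag words end at the first field that carries a ";"
            for (i = 3; i <= NF; i++) {
                f = $i; last = (f ~ /;$/); sub(/;$/, "", f)
                if (f == "aa") aa = 1
                if (last) break
            }
            for (i = 1; i <= NF; i++)
                if ($i == "ANSWER:") { answers = $(i + 1); sub(/,$/, "", answers) }
        }
        END {
            if (status == "") print "no-response"
            else if (status != "NOERROR") print "error:" status
            else if (answers + 0 == 0) print "no-records"
            else print "answered:" answers ":" (aa ? "authoritative" : "non-authoritative")
        }'
}

# Header lines as they appear in the dig output posted in the thread.
REFUSED_SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 31016
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available'

# Constructed sample: an authoritative answer carrying a documentation-range IP.
OK_SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
example.tld.    600  IN  A  203.0.113.10'

printf '%s\n' "$REFUSED_SAMPLE" | dig_verdict
printf '%s\n' "$OK_SAMPLE" | dig_verdict
```

Piping a live query against the zone's authoritative name server into `dig_verdict` gives the same one-line verdict without waiting on resolver caches.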
     
  14. yupthatguy

    yupthatguy Member

    Ok, I am less confused.... just wrong. :confused: I will follow up with Alibaba again, but isn't it weird that intodns.com returns no errors?
     
  15. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Alright, I see your problem. You are querying on the public IP of your server, so you are asking the zone on your server. But your zone is hosted with Alibaba and with Alibaba it is OK. I just tested it with your domain.
    This is why you should not have the zone in 2 places. It will cause confusion to inexperienced users.

    The problem now is that the connection is refused. Did you do any customizations in the Apache config?
     
  16. yupthatguy

    yupthatguy Member

    I am on a completely fresh install of ISPConfig. I have done zero customizations. I even gave up on the DNS tutorial and was just about ready to use the DNS wizard.

    So it is a mystery to me that the connection is being refused.

    The reason that I switched to alibaba is because I want to make sure the paid-service is a viable fallback if I screw something up with the server DNS.

    Given the amount of issues that I am having getting the SSL to work, now that even the DNS is properly working... isn't it likely that when I installed the server on the internal IP address instead of the 127.0.1.1 and while the DNS was not working... that somewhere some key settings got "broken"...

    I really have no problem resetting the server and starting from scratch with server1.example.com pointed at the correct address and the DNS correctly working via Alibaba if that will clear any additional bugs now and in the long run. It's a good tutorial, I screwed some things up. Clearly, repeating work is not always the best answer, but there doesn't seem to be a ready explanation as to why the connection is being refused.

    I just would be a bit frustrated if I reset and had the same problem because for some reason LE on ISPConfig doesn't like external DNS hosts.
     
  17. till

    till Super Moderator Staff Member ISPConfig Developer

    It does not matter where you host DNS for ISPConfig.
     
  18. yupthatguy

    yupthatguy Member

    I just heard back from alibaba and they indisputably verify that their dns is working correctly with a screenshot of their dig output..

    https://i.imgur.com/FGS2Hrp.png

    My error, as you said, was that I was running the dig command on my server IP, not a DNS server IP.

    So the SSL certificate being refused problem is definitely somewhere within ISPConfig.

    I just got the DNS zone entries set up correctly on my server via ISPConfig. I can switch from AlibabaDNS to my local server at any time.

    But, before I switch, I would like to get the SSL working with Alibaba DNS, just so I have peace of mind it is -not- a deeper problem somewhere.
     
  19. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

  20. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Is my DNS tutorial confusing at that point? Do you have a suggestion for better text?
    Why not test with the host command? It has simpler output.
     