stib<p>I seem to have a <a href="https://aus.social/tags/DNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNS</span></a> problem (unheard of, right?).<br>I've got <a href="https://aus.social/tags/nginx" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nginx</span></a> working with <a href="https://aus.social/tags/HTTPS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HTTPS</span></a>, using <a href="https://aus.social/tags/certbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>certbot</span></a>, and there's an A record that points at the IP address of the server. So I can go to <a href="https://mydomain.com" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">mydomain.com</span><span class="invisible"></span></a> and it's all dandy (thank you <span class="h-card" translate="no"><a href="https://mastodon.social/@eff" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>eff</span></a></span>). <br>Now I want a TLS certificate for the <a href="https://aus.social/tags/Dovecot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Dovecot</span></a> mail server. I've set up a virtual server for mail.mydomain.com like this:<br>```<br>server {<br> listen 80;<br> listen [::]:80;<br> server_name mail.mydomain.com;</p><p> root /usr/share/nginx/html/;</p><p> location ~ /.well-known/acme-challenge {<br> allow all;<br> }<br>}<br>```<br>But when I run certbot I get this:<br>```<br>NoRecords<br>Fatal<br>No valid A or AAAA records could be ultimately resolved for mail.mydomain.com. This means that Let's Encrypt would not be able to connect to your domain to perform HTTP validation, since it would not know where to connect to.<br>No A or AAAA records found. 
<br>```<br>On my domain registrar's dashboard it says that I don't need to set up an MX record if I have only one mail server and it is on the same IP address as my Domain Record. But I'm thinking the certbot error doesn't sound like it's looking for an MX record. <br>Should I temporarily make a subdomain record for mail.mydomain.com?<br><a href="https://aus.social/tags/ImSoConfused" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ImSoConfused</span></a> <a href="https://aus.social/tags/AskFedi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AskFedi</span></a> <a href="https://aus.social/tags/FediTechSupport" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FediTechSupport</span></a></p>
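<p>Added example, not part of stib's post: a small Python model of the lookup behind the certbot error quoted above, showing that HTTP validation needs an A, AAAA or CNAME record on mail.mydomain.com itself. The record sets and the 203.0.113.10 address are constructed, and <code>parse_records</code>, <code>http01_addresses</code> and <code>MAX_CNAME_HOPS</code> are hypothetical names.</p>

```python
from collections import defaultdict

# Constructed records in dig/zone-file form, mirroring the post: the apex has
# an A record (203.0.113.10 is a documentation address), the mail name has none.
RECORDS_BEFORE = """
mydomain.com.       300 IN A     203.0.113.10
mydomain.com.       300 IN MX    10 mail.mydomain.com.
"""
# The same zone after an address record is added for the mail host name.
RECORDS_AFTER = RECORDS_BEFORE + """
mail.mydomain.com.  300 IN A     203.0.113.10
"""
# Alternative: a CNAME that ends at a name with an address record.
RECORDS_CNAME = RECORDS_BEFORE + """
mail.mydomain.com.  300 IN CNAME mydomain.com.
"""

MAX_CNAME_HOPS = 8  # assumed bound, only to stop CNAME loops in this model


def parse_records(text):
    """Parse 'name ttl IN type rdata' lines into {(name, type): [rdata, ...]}."""
    zone = defaultdict(list)
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        name, _ttl, _cls, rtype, rdata = line.split(None, 4)
        zone[(name.rstrip(".").lower(), rtype.upper())].append(rdata.rstrip("."))
    return zone


def http01_addresses(hostname, text):
    """Return the A/AAAA addresses an HTTP-01 validator could connect to.

    Only records for the exact name, or the end of its CNAME chain, count.
    The parent domain's A record and any MX records are never consulted.
    """
    zone = parse_records(text)
    name = hostname.rstrip(".").lower()
    for _ in range(MAX_CNAME_HOPS):
        addrs = zone.get((name, "A"), []) + zone.get((name, "AAAA"), [])
        if addrs:
            return addrs
        cname = zone.get((name, "CNAME"))
        if not cname:
            return []
        name = cname[0].lower()
    return []
```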