Reverse DNS & Letsencrypt

Hi,

I've several VPS with different providers.

When I have set reverse DNS as f.e. linode.mydomain.ext and it resolves, I add Let's Encrypt like:

sudo certbot --apache -d linode.mydomain.ext

linode.mydomain.ext is an A record from my DNS setup elsewhere. So linode A ip

That works well on all my VPSs, but with Linode the certificate is made with a 'link' to li1422-xx.members.linode.com (old reverse DNS) so the page generates an SSL error. The SSL certificate is generated and accepted by Let's Encrypt, but the webpage will generate an SSL error so won't load in your browser.

How can I avoid this? I don't understand.

3 Replies

It sounds like you need to tell Linode what name to use for the reverse DNS lookup (PTR record), since that is handled by their servers as the owners of the address range. The li-*.members.linode.com name is the default reverse lookup name assigned to all Linodes. See https://www.linode.com/docs/networking/dns/setting-reverse-dns

If you've already followed this process (e.g., if that's what "When I have set reverse dns as f.e. linode.mydomain.ext" meant), then you may just need to wait a bit longer for the DNS changes to propagate fully, in particular to whatever servers the LetsEncrypt infrastructure is using for its reverse lookups, as the original records may still be cached.

-- David

@GASOLINE:

Hi,

That works well on all my VPSs, but with Linode the certificate is made with a 'link' to li1422-xx.members.linode.com (old reverse DNS) so the page generates an SSL error. The SSL certificate is generated and accepted by Let's Encrypt, but the webpage will generate an SSL error so won't load in your browser.

How can I avoid this? I don't understand.

I don't understand. Could you explain what you mean by a "link"? What does Certbot output? What's your real hostname? What error messages do you receive? What's going wrong?

What's your OS, Certbot version, Apache configuration…?

@db3l:

If you've already followed this process (e.g., if that's what "When I have set reverse dns as f.e. linode.mydomain.ext" meant), then you may just need to wait a bit longer for the DNS changes to propagate fully, in particular to whatever servers the LetsEncrypt infrastructure is using for its reverse lookups, as the original records may still be cached.

Let's Encrypt doesn't do reverse DNS lookups.

Also, Let's Encrypt doesn't issue certificates for *.members.linode.com hostnames.

Your reverse DNS probably hasn't been set correctly, which is why it's still using the Linode-assigned one. You can confirm this by running:

dig -x your.linode's.ip.address

You can follow this guide to set your Linode's PTR record:

https://www.linode.com/docs/networking/dns/setting-reverse-dns#setting-reverse-dns
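The two checks the replies above separate, the PTR record (what `dig -x` shows, and whether it resolves back to the same address) and the names actually present in the certificate the web server serves, as an added diagnostic script; this is not code from any poster in the thread. The hostname and addresses used are constructed placeholders.

```python
#!/usr/bin/env python3
"""Two independent checks: (1) forward-confirmed reverse DNS for the VPS address,
(2) which DNS names the certificate presented on port 443 actually covers.
All hostnames and addresses in this file are constructed placeholders."""
import socket
import ssl
from typing import Iterable, List

def lookup_ptr(ip: str) -> str:
    """Reverse lookup, the same answer 'dig -x <ip>' gives ('' if there is no PTR)."""
    try:
        return socket.gethostbyaddr(ip)[0].rstrip(".").lower()
    except OSError:  # herror/gaierror: no PTR record, or unroutable address
        return ""

def lookup_addresses(hostname: str) -> List[str]:
    """Forward lookup (A/AAAA records) for a hostname."""
    return sorted({info[4][0] for info in socket.getaddrinfo(hostname, None)})

def fcrdns_ok(ip: str, ptr_name: str, forward_ips: Iterable[str]) -> bool:
    """A PTR must exist and its name must resolve back to the original address."""
    return bool(ptr_name) and ip in set(forward_ips)

def cert_covers(hostname: str, san_names: Iterable[str]) -> bool:
    """RFC 6125-style match: exact name, or a wildcard standing in for only the
    leftmost label (*.mydomain.ext covers linode.mydomain.ext, not a.b.mydomain.ext)."""
    host = hostname.lower().rstrip(".")
    for san in san_names:
        san = san.lower().rstrip(".")
        if san == host:
            return True
        if san.startswith("*.") and "." in host and host.split(".", 1)[1] == san[2:]:
            return True
    return False

def served_san_names(hostname: str, port: int = 443) -> List[str]:
    """Connect with SNI and return the DNS names in the presented certificate.
    check_hostname is off so a validly issued but mismatched certificate is returned
    for inspection; chain verification stays on so getpeercert() is populated."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((hostname, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    return [v.lower() for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]

if __name__ == "__main__":
    import sys
    name = sys.argv[1] if len(sys.argv) > 1 else "linode.mydomain.ext"  # placeholder
    for addr in lookup_addresses(name):
        ptr = lookup_ptr(addr)
        back = lookup_addresses(ptr) if ptr else []
        print(f"{addr}: PTR={ptr or '(none)'} FCrDNS ok={fcrdns_ok(addr, ptr, back)}")
    sans = served_san_names(name)
    print(f"served cert SANs: {sans}; covers {name}: {cert_covers(name, sans)}")
```

Run it with the hostname you passed to certbot; a PTR still showing the li*.members.linode.com default, or a served certificate whose SANs do not cover that hostname, points at which of the two is misconfigured.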
