Has anyone run into issues with DNS when trying to set up nginx? Trying to follow instructions from here. I think I’m missing this part:
“Assuming that myhost.org resolves to the IP address of your host and port 80 and 443 has been opened.” But not sure how to do that.
Getting this error: “Dec 21 01:36:30 cape acme-blog.cape.dev-start[24108]: [blog.cape.dev] acme: error: 400 :: urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up A for blog.cape.dev - the domain’s nameservers may be malfunctioning; DNS problem: SERVFAIL looking up AAAA for blog.cape.dev - the domain’s nameservers may be malfunctioning”
You’ll actually need to own the domain and set up a record pointing it to the IP of this machine. You’ll need to buy it from some name registrar and then set it up with a dns server (which registrars usually offer for free).
At least, I checked the records for that domain and it simply isn’t set up. If you recently set it up you may need to wait a bit for the records to propagate; you could instead set the DNS server with which to look up your domain in the security.acme settings to speed that up.
While you’re at it, it’s advisable to use the dns api path and register a wildcard cert for your domain, so you don’t need as many API requests.
It turns out that they didn’t need a domain, or ACME.
They are having trouble with nginx, and their confusion led them into configuration guides misleading them into thinking they needed things they don’t.
For the record for people stumbling across this thread, all the acme configuration is only necessary if you want to host stuff with https - to achieve that, a third party needs to verify that you own the domain you’re claiming and give you a certificate to prove that (kind of the primary purpose of https), which acme can do by checking your DNS records and either opening a generated page with a key on your webserver or authenticating with an API key.
Your registrar also often hands out certificates directly, and other (usually paid) services exist, but acme is very commonly used since it’s free and easy to automate.
This is completely unnecessary (and in fact impossible) if you’re just hosting something on your intranet, though. You can still get https if you manually create a self-signed certificate, but acme won’t verify you own a domain you don’t own.
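
For readers who do own a domain, the DNS API route with a wildcard certificate and an explicit resolver, as suggested earlier in the thread, could look like the following NixOS fragment. This is an added example, not configuration posted by anyone in the thread; `example.org`, the e-mail address, the `cloudflare` provider, the secrets file path and the web root are assumptions, and the `environmentFile` option name assumes a recent NixOS release.

```nix
{ ... }:
{
  security.acme = {
    acceptTerms = true;
    defaults.email = "admin@example.org";   # constructed contact address

    certs."example.org" = {
      # One wildcard certificate covers every subdomain, so each new
      # virtual host does not trigger another issuance request.
      domain = "*.example.org";
      extraDomainNames = [ "example.org" ];

      # DNS-01 challenge: the ACME client proves control of the domain by
      # creating a TXT record through the DNS host's API, so port 80 does
      # not have to be reachable for validation.
      dnsProvider = "cloudflare";            # assumption: use your DNS host's provider name

      # Hypothetical path. The file holds the provider's API token as an
      # environment variable and should be readable by root only; keep it
      # out of the world-readable Nix store.
      environmentFile = "/var/lib/secrets/acme-dns.env";

      # Resolver used for the propagation check, instead of the system
      # resolver, which may still have a stale or negative answer cached.
      dnsResolver = "1.1.1.1:53";
    };
  };

  # Let nginx read the certificate files owned by the acme group.
  users.users.nginx.extraGroups = [ "acme" ];

  services.nginx = {
    enable = true;
    virtualHosts."blog.example.org" = {
      useACMEHost = "example.org";           # reuse the wildcard certificate above
      forceSSL = true;                       # redirect plain HTTP to HTTPS
      locations."/".root = "/var/www/blog";  # hypothetical web root
    };
  };

  networking.firewall.allowedTCPPorts = [ 80 443 ];
}
```

The API token in the secrets file should be scoped to DNS edits for this one zone, since anyone holding it can obtain certificates for every name under the domain.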