AWS Registered Domain (Route 53) non-AWS server

My MIAB is installed on an IONOS server. I’m trying to use a customer’s domain. They gave me access to their AWS account, and I went in and changed the nameservers to my MIAB server’s domain.

Most things work fine, but I get errors trying to set up the TLS certificates, and only some emails come through. I think this has something to do with the SOA record that AWS makes you have, and my customer has paid support with AWS, which I tried contacting first, but they were unsure if I should edit the SOA to point to my new DNS at my MIAB or not.

Does anyone know what the right values for the SOA should be?

The message when trying to provision certificates is:

Log:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for customersdomain.com and 4 more domains

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: mta-sts.customersdomain.com
  Type:   connection
  Detail: 2333:f3c0:133:3f3::3: Fetching http://mta-sts.customersdomain.com/.well-known/acme-challenge/Rpa_RrZ6656546+84651232345234523458: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

I changed my customer’s domain, my ipv6 address, and the acme-challenge in the message.

Let’s Encrypt is stating that they cannot reach your server via IPv6. Is it not enabled?

Every zone in DNS must have a SOA record, so this is nothing unusual. What is unusual is Route53 “make(ing) you have” a SOA record if they are not the authoritative DNS. SOA records are published by the Authoritative DNS server, which in this case is MiaB, if you have changed the nameservers to point to your MiaB.
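A check that follows the two replies above (is the parent delegation really pointing at MiaB, whose SOA do resolvers now return, and does every AAAA answer on port 80), added here as an example and not code from this thread or from Mail-in-a-Box. It assumes a MiaB hostname such as `box.example.com`, the public resolver 1.1.1.1 and the probe path `/.well-known/acme-challenge/probe`; `dig` and `curl` are needed for a live run.

```shell
#!/usr/bin/env bash
# Added diagnostic for the thread's two problems (delegation/SOA and IPv6 ACME timeouts).
# Not MiaB code. Needs dig and curl for a live run; DOMAIN/BOX/1.1.1.1 are placeholders.

# Nameserver set for a zone as reported by one server, lowercased and sorted.
# Reads both ANSWER and AUTHORITY so a parent's referral is captured too.
ns_set() {  # $1 = zone, $2 = server to ask
  dig +noall +answer +authority NS "$1" "@$2" | awk '$4=="NS"{print tolower($5)}' | sort -u
}

# 0 when two whitespace-separated nameserver lists are the same set, else 1.
same_ns_set() {  # $1 = list A, $2 = list B
  a=$(printf '%s\n' $1 | tr 'A-Z' 'a-z' | sort -u)
  b=$(printf '%s\n' $2 | tr 'A-Z' 'a-z' | sort -u)
  [ "$a" = "$b" ]
}

# MNAME (primary nameserver) field of a "dig +short SOA" rdata line.
soa_mname() {  # $1 = "mname rname serial refresh retry expire minimum"
  printf '%s\n' "$1" | awk '{print tolower($1)}'
}

check_domain() {  # $1 = customer domain, $2 = MiaB hostname
  domain=$1; box=$2; tld=${domain##*.}
  # 1. Delegation: the TLD must now refer to the MiaB box, not the old Route 53 set.
  parent=$(dig +short NS "$tld." | head -n1)
  parent_ns=$(ns_set "$domain" "$parent"); box_ns=$(ns_set "$domain" "$box")
  if same_ns_set "$parent_ns" "$box_ns"; then echo "OK: delegation -> $box_ns"
  else echo "FAIL: parent lists [$parent_ns] but $box serves [$box_ns]"; fi
  # 2. SOA: resolvers should return the SOA MiaB publishes; an awsdns MNAME means Route 53 still answers.
  mname=$(soa_mname "$(dig +short SOA "$domain" @1.1.1.1)")
  case $mname in *"$box"*) echo "OK: SOA MNAME $mname";; *) echo "WARN: SOA MNAME $mname";; esac
  # 3. IPv6: each AAAA of a hostname MiaB requests a cert for must answer HTTP on port 80,
  #    otherwise Let's Encrypt reports the "Timeout during connect" seen in the thread.
  for host in "$domain" "www.$domain" "mta-sts.$domain" "autoconfig.$domain"; do
    for ip6 in $(dig +short AAAA "$host" @1.1.1.1); do
      # any HTTP reply (even 404) proves reachability; curl fails only on connect/timeout
      if curl -6 -s -m 5 -o /dev/null -H "Host: $host" "http://[$ip6]/.well-known/acme-challenge/probe"; then
        echo "OK: $host reachable on [$ip6]:80"
      else echo "FAIL: $host has AAAA $ip6 but port 80 is unreachable over IPv6"; fi
    done
  done
}

if [ $# -ge 2 ]; then check_domain "$1" "$2"; fi
```

Run it from any host as `bash check.sh customersdomain.com box.example.com`; once the parent delegation matches the MiaB nameservers, the SOA left behind in the Route 53 hosted zone is never served to anyone, so its values do not matter.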

Yeah, that makes sense. I changed the nameservers to point to my MiaB and they won’t let me delete the SOA. I can edit the SOA, but I don’t know how it should look to use my MiaB.

Also, IPv6 is enabled and working fine for all other domains.

If you’re willing to share your MiaB hostname and the domain in question in PM, I can take a look. 🙂
