Failing to setup DNS with OVH

Njara

Hi,
I have same problem : queryNs ESERVFAIL cofident.net

host -t NS cofident.net
cofident.net name server dns102.ovh.net.
cofident.net name server ns102.ovh.net.

and

dig cofident.net

; <<>> DiG 9.18.30-0ubuntu0.24.04.2-Ubuntu <<>> cofident.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6469
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;cofident.net.                  IN      A

;; ANSWER SECTION:
cofident.net.           180     IN      A       102.16.39.138

;; Query time: 6 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Thu May 15 12:55:53 UTC 2025
;; MSG SIZE  rcvd: 57

and

sudo cloudron-support --troubleshoot

Vendor: Dell Inc. Product: Latitude E6320
Linux: 6.8.0-60-generic
Ubuntu: noble 24.04
Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
BIOS Intel(R) Core(TM) i5-2520M CPU @ 2.50GH         To Be Filled By O.E.M. CPU @ 2.5GHz x 4
RAM: 3883808KB
Disk: /dev/mapper/ubuntu--vg-ubuntu--lv   80G
[OK]    node version is correct
[OK]    IPv6 is enabled in kernel. No public IPv6 address
[OK]    docker is running
[OK]    docker version is correct
[OK]    MySQL is running
[OK]    nginx is running
sed: can't read /home/yellowtent/platformdata/nginx/applications/dashboard/my..conf: No such file or directory
Could not open file or uri for loading certificate from
40E799F7EC7D0000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered scheme:../crypto/store/store_register.c:237:scheme=file
40E799F7EC7D0000:error:80000002:system library:file_open:No such file or directory:../providers/implementations/storemgmt/file_store.c:267:calling stat()
Unable to load certificate
[FAIL]  Certificate has expired. Certificate expired at
        Please check /home/yellowtent/platformdata/logs/tasks/.log for last cert renewal logs
        Common issues include expiry of domain's API key OR incoming http port 80 not being open

How to unlock the install ?
Thanks

nebulon

sed: can't read /home/yellowtent/platformdata/nginx/applications/dashboard/my..conf: No such file or directory

somehow this looks like the dashboard domain couldn't be read from the database. Can you run the following via SSH on the server and check if it prints the correct dashboard domain of the server?

mysql -NB -uroot -ppassword -e "SELECT value FROM box.settings WHERE name='dashboard_domain'"

Njara

Hi

sudo mysql -NB -uroot -ppassword -e "SELECT value FROM box.settings WHERE name='dashboard_domain'"
[sudo] password for jmc:
mysql: [Warning] Using a password on the command line interface can be insecure.

nebulon

That is not looking great if such basic values are missing in the settings table. Is there anything else set in that table? Most likely the best way to get back up is a whole server restore then, since something has gone quite wrong if that is missing in the database.

Njara

Hi Nebulon,
This is a fresh install on ubuntu 24.04 LTS. I just did apt update & upgrade before installing cloudron.
The error message appears on first configuration

nebulon

Ah ok, so have you gone through the DNS setup wizard by visiting the raw server IP after installation of Cloudron?

Njara

I can't finish the installation because I'm stuck on the DNS configuration.

- IMAGE DELETED BY MODERATION -

james

Hello @Njara

Since you have censored your domain with cofident (typo or abbreviation of confidential?)
It is not possible for me to look up the DNS name to do some analysis.

I had to delete your posted screenshot because it still leaked sensitive information. The censoring was inadequate, and the last input field was not censored at all.
You can edit your post and upload a new screenshot with adequate censoring / redaction.
Warning! Please reset the used token and secret posted here just to be secure!

---

I saw that you are using OVH.
Your server and Domain is managed by OVH? Because if the Domain is not, then the used credentials for the DNS Setup will not work.

Can you please share the output of the following command on your local computer?

Note awesome.it is a placeholder, please use your top level domain, not the my.DOMAIN.TLD but DOMAIN.TLD.

# Linux / macOS
dig NS awesome.it @1.1.1.1 +short

# Windows
nslookup -q=ns awesome.it 1.1.1.1

Only the response of that command is needed, so I can confirm what DNS provider is managing your DNS records.

james

Oh sorry! I see you have already posted that information and your domain really IS http://cofident.net/!

Then the image you posted showed the error quite clearly.
You did only input cofident in the first input field where you set your domain.
But you need to put cofident.net in there.
That should solve it.

Njara

Hello James,
Yes the domain is managed by OVH.
I still get the same error with the full domain name

- IMAGE DELETED BY MODERATION -

Otherwise

jmc@dell:~$ dig NS cofident.net @1.1.1.1 +short
;; communications error to 1.1.1.1#53: timed out
;; communications error to 1.1.1.1#53: timed out
;; communications error to 1.1.1.1#53: timed out

; <<>> DiG 9.18.30-0ubuntu0.24.04.2-Ubuntu <<>> NS cofident.net @1.1.1.1 +short
;; global options: +cmd
;; no servers could be reached

jmc@dell:~$ dig NS cofident.net @8.8.8.8 +short
dns102.ovh.net.
ns102.ovh.net.

jmc@dell:~$ dig -x 102.16.39.138

; <<>> DiG 9.18.30-0ubuntu0.24.04.2-Ubuntu <<>> -x 102.16.39.138
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39342
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;138.39.16.102.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
138.39.16.102.in-addr.arpa. 600 IN      PTR     cofident.net.

;; Query time: 220 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Thu May 22 11:48:03 UTC 2025
;; MSG SIZE  rcvd: 81

james

@Njara I just had to delete your screenshot again, it still or again showed almost the full credentials.
And even worse, now you have uploaded this screenshot to casimages.com.
You will have to reset these credentials since you have now uploaded them to casimages.com.

A good censored screenshot looks something like this.

There is not 1 pixel of any character leaking from the field.
With image AI these days, reconstructing your credentials from bad censored image can be done within seconds.

---

When I run the dig command, I get:

dig NS cofident.net @1.1.1.1 +short
dns102.ovh.net.
ns102.ovh.net.

Which seems correct.
But since you are getting a timeout from Cloudflare (1.1.1.1) there is something wrong with your DNS.

Please connect to your server via. ssh and run the following command:

cloudron-support --send-diagnostics

this will gather all information needed and will provide you a URL like https://paste.cloudron.io/SomeRandomCharString
Please post this URL here so I can take a look at your system and what is wrong with it.

At minimum you will have to provide the output of:

dig NS cofident.net @127.0.0.150

and

systemctl status unbound.service

Njara

@james
Thanks for the information on the image. I will regenerate the API keys.

Concerning the error on 1.1.1.1, I have the same on a Windows computer.

Otherwise

root@dell:~# cloudron-support --send-diagnostics
Generating Cloudron Support stats...Done
Uploading information...Done

Please email the following link to support@cloudron.io : https://paste.cloudron.io/imomagiruq

root@dell:~# dig NS cofident.net @127.0.0.150
;; communications error to 127.0.0.150#53: timed out

; <<>> DiG 9.18.30-0ubuntu0.24.04.2-Ubuntu <<>> NS cofident.net @127.0.0.150
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 20202
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;cofident.net.                  IN      NS

;; Query time: 1777 msec
;; SERVER: 127.0.0.150#53(127.0.0.150) (UDP)
;; WHEN: Fri May 23 12:49:48 UTC 2025
;; MSG SIZE  rcvd: 41

root@dell:~# systemctl status unbound.service
● unbound.service - Unbound DNS Resolver
     Loaded: loaded (/etc/systemd/system/unbound.service; enabled; preset: enabled)
     Active: active (running) since Fri 2025-05-23 12:38:23 UTC; 11min ago
    Process: 1125 ExecStartPre=/usr/sbin/unbound-anchor -a /var/lib/unbound/root.key (code=exited, status=0/SUCCESS)
   Main PID: 1498 (unbound)
      Tasks: 1 (limit: 4461)
     Memory: 11.5M (peak: 12.0M)
        CPU: 128ms
     CGroup: /system.slice/unbound.service
             └─1498 /usr/sbin/unbound -d

mai 23 12:38:08 dell systemd[1]: Starting unbound.service - Unbound DNS Resolver...
mai 23 12:38:23 dell unbound[1498]: [1498:0] notice: init module 0: subnetcache
mai 23 12:38:23 dell unbound[1498]: [1498:0] notice: init module 1: validator
mai 23 12:38:23 dell unbound[1498]: [1498:0] notice: init module 2: iterator
mai 23 12:38:23 dell unbound[1498]: [1498:0] info: start of service (unbound 1.19.2).
mai 23 12:38:23 dell systemd[1]: Started unbound.service - Unbound DNS Resolver.

Thanks for your help

james

@Njara
When I run the dig NS cofident.net @127.0.0.150 on one of my Cloudron servers, I get.

dig NS cofident.net @127.0.0.150

; <<>> DiG 9.18.30-0ubuntu0.24.04.2-Ubuntu <<>> NS cofident.net @127.0.0.150
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27068
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;cofident.net.                  IN      NS

;; ANSWER SECTION:
cofident.net.           294     IN      NS      dns102.ovh.net.
cofident.net.           294     IN      NS      ns102.ovh.net.

;; Query time: 0 msec
;; SERVER: 127.0.0.150#53(127.0.0.150) (UDP)
;; WHEN: Fri May 23 12:58:07 UTC 2025
;; MSG SIZE  rcvd: 86

This section is missing on your part:

;; ANSWER SECTION:
cofident.net.           294     IN      NS      dns102.ovh.net.
cofident.net.           294     IN      NS      ns102.ovh.net.

Now I am looking into your generated details https://paste.cloudron.io/imomagiruq