Let's Encrypt 的 NXDOMAIN 机制到底是怎样的

程序是这个 https://oneinstack.com/faq/letsencrypt/ 基于 ACME
直接添加单一的不带 www 的域名是没有问题的，一加 www 马上根就 NX，加泛域名根也 NX

What Are You Doing?
1. Use HTTP Only
2. Use your own SSL Certificate and Key
3. Use Let's Encrypt to Create SSL Certificate and Key
q. Exit
Please input the correct option: 3

Please input domain(example: www.example.com): aaa.com
domain=aaa.com

Please input the directory for the domain:aaa.com :
(Default directory: /data/wwwroot/aaa.com):
Virtual Host Directory=/data/wwwroot/aaa.com

Create Virtul Host directory......
set permissions of Virtual Host directory......

Do you want to add more domain name? [y/n]: y

Type domainname or IP(example: example.com other.example.com): www.aaa.com
domain list=www.aaa.com

Let's Encrypt Verify error! DNS problem: NXDOMAIN looking up A for aaa.com


# dig aaa.com

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> aaa.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63822
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;aaa.com. IN A

;; ANSWER SECTION:
aaa.com. 599 IN A 192.74.251.xx

;; Query time: 285 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Mar 26 11:38:26 CST 2018
;; MSG SIZE rcvd: 53


# dig www.aaa.com

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> www.aaa.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27594
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.aaa.com. IN A

;; ANSWER SECTION:
www.aaa.com. 599 IN A 192.74.251.xx

;; Query time: 309 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Mar 26 11:38:45 CST 2018
;; MSG SIZE rcvd: 57