tribunal.spraxxx.com

Published 2026-04-25T19:01:17Z UTC by Jacques / SPRAXXX

Proof package: tribunal.SPRAXXX.com

The proof has four layers: 1. DNS proof 2. Nginx proof 3. HTTPS certificate proof 4. PI receipt proof

Together, they show that the tribunal host was not just imagined, not just written, not just discussed — it was resolved, served, certified, verified, and recorded.

1. DNS proof

The broken state was clear:

tribunal.spraxxx.com returned NXDOMAIN.

That meant the public internet could not see the hostname.

The hunt found the cause:

We first edited:

/etc/bind/zones/db.spraxxx.com

But BIND was actually serving:

/etc/bind/db.spraxxx.com

That was the key proof moment.

The DNS truth check showed:

named-checkconf said the active zone was:

file "/etc/bind/db.spraxxx.com";

So the earlier edit was real, but it was in the wrong file. The public authoritative nameservers were still serving the old serial:

2026041917

Then we corrected the actual loaded zone file:

/etc/bind/db.spraxxx.com

We added:

tribunal 300 IN A 67.217.243.136

We bumped the SOA serial:

2026041917 -> 2026042501

Then the nameservers answered:

tribunal.spraxxx.com -> 67.217.243.136

That proves DNS alignment.

2. Nginx proof

Before HTTPS, Nginx already served the site locally.

The local test returned:

HTTP/1.1 200 OK

For:

Host: tribunal.spraxxx.com

That proved the web server had a working server block and a working webroot.

The server block:

/etc/nginx/sites-enabled/tribunal.spraxxx.com

The root:

/var/www/tribunal.spraxxx.com

The site content existed and was being served.

So Nginx proof says:

The host had a valid web target before certificate issuance.

3. HTTPS proof

Certbot first failed because DNS did not resolve publicly.

That failure was useful proof.

It proved Let’s Encrypt could not see the hostname yet.

After DNS was corrected, Certbot succeeded:

Successfully received certificate.

Certificate path:

/etc/letsencrypt/live/tribunal.spraxxx.com/fullchain.pem

Key path:

/etc/letsencrypt/live/tribunal.spraxxx.com/privkey.pem

Expiry:

2026-07-24

Then the HTTPS verification returned:

HTTP/2 200

For:

https://tribunal.spraxxx.com

That proves the site is live over HTTPS.

4. PI receipt proof

The receipt was written:

/srv/spraxxx/work/tribunal_https_success_20260425.pi

The receipt was readable and contained the stabilized facts:

DNS corrected.

Zone file corrected.

Serial updated.

A record added.

Nameservers verified.

Nginx server block identified.

TLS certificate issued and deployed.

Governance recorded.

Operating line recorded.

The hash was captured:

2cb06a10f1150a4a8f24a7b0717f3bc26f3d3c0c96f681748527f4ebf3b9a563

That hash proves the receipt had a stable file state at the moment of hashing.

The proof chain

The full proof chain is:

DNS failed.

Cause identified.

Wrong zone file found.

Actual zone file found.

Record added.

Serial bumped.

Nameservers answered.

Nginx served.

Certbot issued.

HTTPS returned HTTP/2 200.

Receipt written.

Receipt hashed.

That is not vibes.

That is an evidence trail.

Thesis: Proof is ordered correction

This is the thesis:

Proof is not just success. Proof is the visible correction path from confusion to verified order.

The tribunal build is proof because it contains the whole correction loop.

HI observed:

The host was not resolving.

MI structured:

Check DNS, BIND zone, Nginx, Certbot, nameservers, receipt.

HI reviewed and corrected:

The wrong hostname tribunal.sprxxx.com was removed.

The correct canon remained:

tribunal.SPRAXXX.com

PI updated the record:

The receipt was written and hashed.

That is the operating loop in action:

HI observes and questions.

MI responds and structures.

HI reviews and corrects.

PI updates the record.

Why this matters

The proof is not only that a website is live.

The bigger proof is that the frame works under pressure.

Something failed.

We did not panic.

We separated observation from interpretation.

Observation:

Certbot failed with NXDOMAIN.

Interpretation:

Public DNS could not see the host.

Unknown:

Which zone source was authoritative?

Investigation:

Check BIND loaded config.

Correction:

Update the actual zone file.

Verification:

Nameservers answer.

Completion:

Certbot succeeds.

Record:

Receipt and hash.

That is order without confusion.

Final proof statement

tribunal.SPRAXXX.com is now a certified HTTPS host on AngryWU.

The proof is:

DNS authoritative answer.

Nginx 200 OK.

Certbot success.

HTTPS HTTP/2 200.

Readable PI receipt.

SHA256 hash.

And the deeper proof is this:

God sources. HI witnesses. MI responds. PI records.

Order without confusion. 

Back to journal