Apache2 Certbot with .dev domain

HTTP challenge did not go through, probably because of the .dev domain?

My domain is: jeffchoy.dev

I ran this command: sudo certbot --apache -d jeffchoy.dev -d www.jeffchoy.dev

It produced this output:
Performing the following challenges:
http-01 challenge for www.jeffchoy.dev
Enabled Apache rewrite module
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.jeffchoy.dev (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.jeffchoy.dev/.well-known/acme-challenge/nsd99wg_WA-YmIqxLVSK1B0gqTCJtoWo-q1E_KtV5eU: Error getting validation data

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: www.jeffchoy.dev
    Type: connection
    Detail: Fetching
    http://www.jeffchoy.dev/.well-known/acme-challenge/nsd99wg_WA-YmIqxLVSK1B0gqTCJtoWo-q1E_KtV5eU:
    Error getting validation data

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

My web server is (include version): Apache

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: Apache2 2.4.29

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

Hi @jeffffc

There is a check of your domain - https://check-your-website.server-daten.de/?q=jeffchoy.dev

With some problems.

Your ip addresses:

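| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| jeffchoy.dev | A | 103.122.119.130 | yes | 1 | 0 |
| | AAAA | | yes | | |
| www.jeffchoy.dev | C | parkingpage.namecheap.com | yes | 1 | 0 |
| | A | 198.54.117.210 | yes | | |
| | A | 198.54.117.211 | yes | | |
| | A | 198.54.117.212 | yes | | |
| | A | 198.54.117.215 | yes | | |
| | A | 198.54.117.216 | yes | | |
| | A | 198.54.117.217 | yes | | |
| | A | 198.54.117.218 | yes | | |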

But your command:

You must remove the CNAME entry to that parking page, that can’t work.

Result: Your non-www answers with an Apache, your www with a nginx.

Or create a certificate only with the non-www version.

PS: The dev top level domain isn’t relevant.

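The check described in the answer above, as an added example that is not part of the original thread: a pre-flight comparison of where each requested name resolves against the server's own address, run over constructed records that mirror the DNS table in the post. The function names and the record dictionaries are assumptions for illustration; a real check would fill them from the domain's authoritative name servers.

```python
# Constructed records mirroring the DNS table in the post (not live lookups).
PARKING = ["198.54.117.%d" % n for n in (210, 211, 212, 215, 216, 217, 218)]
RECORDS = {
    "jeffchoy.dev": {"A": ["103.122.119.130"]},
    "www.jeffchoy.dev": {"CNAME": ["parkingpage.namecheap.com"]},
    "parkingpage.namecheap.com": {"A": PARKING},
}
# The same zone after the parking CNAME is replaced by an A record (assumed fix).
FIXED = dict(RECORDS, **{"www.jeffchoy.dev": {"A": ["103.122.119.130"]}})


def resolve(name, records, max_hops=8):
    """Follow CNAMEs from name; return (chain of names, final A/AAAA addresses)."""
    chain = [name.rstrip(".").lower()]
    for _ in range(max_hops):
        rr = records.get(chain[-1], {})
        if "CNAME" not in rr:
            return chain, sorted(rr.get("A", []) + rr.get("AAAA", []))
        target = rr["CNAME"][0].rstrip(".").lower()
        if target in chain:
            raise ValueError("CNAME loop at " + target)
        chain.append(target)
    raise ValueError("CNAME chain longer than %d hops" % max_hops)


def preflight(names, server_ips, records):
    """Return {name: problem} for names whose http-01 fetch would miss this server."""
    problems = {}
    for name in names:
        try:
            chain, addrs = resolve(name, records)
        except ValueError as exc:
            problems[name] = str(exc)
            continue
        stray = [a for a in addrs if a not in server_ips]
        if not addrs:
            problems[name] = "no A/AAAA record"
        elif stray:
            via = " via CNAME " + " -> ".join(chain[1:]) if len(chain) > 1 else ""
            problems[name] = "resolves elsewhere%s: %s" % (via, ", ".join(stray))
    return problems


def safe_names(names, server_ips, records):
    """Names that can go on the certbot command line as -d arguments right now."""
    bad = preflight(names, server_ips, records)
    return [n for n in names if n not in bad]
```

With the records from the table, only `jeffchoy.dev` passes; `www.jeffchoy.dev` is flagged because every address behind its CNAME belongs to the parking page rather than to the Apache server.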

Thanks. I forgot it takes some time for CNAME records to get updated. I did delete the record already, probably need some more time for it to get refreshed. Will check again a few hours later.

That’s not required. Recheck your domain, if the changed DNS record is visible, you can start.

check-your-website and Let’s Encrypt are using the authoritative name servers to find the current values. So there is no caching.
