Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: overseerr.lucynet.org
Type: dns
Detail: DNS problem: SERVFAIL looking up A for overseerr.lucynet.org - the domain's nameservers may be malfunctioning; no valid AAAA records found for overseerr.lucynet.org
Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
My web server is (include version): unknown
The operating system my web server runs on is (include version): Unraid 6.12.10, Linuxserver.io swag docker
My hosting provider, if applicable, is: squarespace
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 5.1.0
I'm running letsencrypt to set up a reverse proxy to access overseerr.lucynet.org. I don't have a great understanding of all of this but I'm trying to learn. PortChecker says ports 80 and 443 are open.
Thanks for looking into things. What should I be looking at to eliminate the 401 response?
Additionally, since originally posting, I added some CNAME records shown below and the letsencrypt server was able to start.
Using Let's Encrypt as the cert provider
SUBDOMAINS entered, processing
Sub-domains processed are: overseerr.lucynet.org
E-mail address entered: [redacted]
http validation is selected
Certificate exists; parameters unchanged; starting nginx
The cert does not expire within the next day. Letting the cron script handle the renewal attempts overnight (2:08am).
[custom-init] No custom files found, skipping...
[ls.io-init] done.
Server ready
That question is best directed to the support channels for the server you are running that is returning that response. Presumably that is a swag container. I have no idea where you can find support for that, but you need a properly functioning server environment before you start trying to issue certificates.
Did you configure firewall rules or other access restrictions on port 80?
Your web server is nginx. At least that is the server currently replying to HTTP requests to your domain. You can tell by viewing the response headers in an HTTP request.
The --standalone option is a poor choice when using a web server. You should be using --webroot or even the --nginx option instead.
Where did you see instructions that said to use --standalone?
So letsencrypt is issuing the certificates now that I added the CNAMEs.
Generating new certificate
Saving debug log to /config/log/letsencrypt/letsencrypt.log
Account registered.
Requesting a certificate for overseerr.lucynet.org
Successfully received certificate.
Certificate is saved at: /config/etc/letsencrypt/live/overseerr.lucynet.org/fullchain.pem
Key is saved at: /config/etc/letsencrypt/live/overseerr.lucynet.org/privkey.pem
This certificate expires on 2026-02-11.
These files will be updated when the certificate renews.
NEXT STEPS:
The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See User Guide — Certbot 5.2.0.dev0 documentation for instructions.
If you like Certbot, please consider supporting our work by:
New certificate generated; starting nginx
The cert does not expire within the next day. Letting the cron script handle the renewal attempts overnight (2:08am).
[custom-init] No custom files found, skipping...
[ls.io-init] done.
Server ready
What you're saying is that this is most likely an issue with my Unraid server config? I'll go post over on those forums. Appreciate the responses.
As for port 80, I forwarded it to internal port 180 on my Unraid machine. My port forward setup is shown in a screenshot above.
I figured out the 401 error - I had uncommented the highlighted lines in the config file while messing around earlier. Re-commenting them fixed the issue and now I'm up and running.
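Added example, not part of the original thread and not Certbot or SWAG code: a small parser for the "Certificate Authority reported these problems" block from the first post. It reads the Type and Detail lines to decide which layer to check first (DNS, port forwarding, or the web server's response). The second domain in the sample, the function names and the triage wording are assumptions made for illustration.

```python
import re

# Constructed sample: the report from the first post, plus one made-up second
# domain (www.example.test, 203.0.113.10, TOKEN are placeholders).
SAMPLE = """\
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: overseerr.lucynet.org
Type: dns
Detail: DNS problem: SERVFAIL looking up A for overseerr.lucynet.org - the domain's nameservers may be malfunctioning; no valid AAAA records found for overseerr.lucynet.org
Domain: www.example.test
Type: connection
Detail: 203.0.113.10: Fetching http://www.example.test/.well-known/acme-challenge/TOKEN: Timeout during connect (likely firewall problem)
Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80.
"""

# Where to look first for each problem type (advice wording is this example's own).
TRIAGE = {
    "dns": "DNS: check the records and nameservers for this name at the DNS host",
    "connection": "network: check port 80 forwarding and firewall rules",
    "unauthorized": "web server: check what it returns for /.well-known/acme-challenge/",
}
FIELD = re.compile(r"^\s*(Domain|Type|Detail):\s*(.*)$")

def parse_report(text):
    """Return one {'domain', 'type', 'detail'} dict per Domain: block."""
    problems, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # banner, Hint: and unrelated log lines are skipped
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "domain":
            current = {"domain": value, "type": "", "detail": ""}
            problems.append(current)
        elif current is not None:
            current[key] = value
    return problems

def triage(problem):
    """Map a parsed problem to (domain, first thing to check, DNS rcode or None)."""
    where = TRIAGE.get(problem["type"], "unlisted type: read the Detail line")
    rcode = re.search(r"\b(SERVFAIL|NXDOMAIN)\b", problem["detail"])
    return problem["domain"], where, rcode.group(1) if rcode else None

if __name__ == "__main__":
    for p in parse_report(SAMPLE):
        print(*triage(p), sep=" | ")
```

For the report in the first post this points at DNS rather than port forwarding, which matches the thread: issuance succeeded once the CNAME records were added.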