Cannot renew manual verification

mnetcafe · April 26, 2018, 1:43pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:cmrose.no-ip.biz and mnet.sytes.net

I ran this command:Download SSL Certificate

It produced this output:Domain “cmrose.no-ip.biz” challenge3 failed. … …

My web server is (include version):Apache, PHP, MySQL, Zend

The operating system my web server runs on is (include version):Windows 7 SP1

My hosting provider, if applicable, is: pc myself at home

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

stevenzhu · April 26, 2018, 4:30pm

Hi,

If you are using web based certificate creator, you’ll need to provide us the error message. So we can help you

Thank you

mnetcafe · April 27, 2018, 12:40am

Thanks for your reply.
Here is the error message when I click “Download SSL Certificate” :

Domain “cmrose.no-ip.biz” challenge3 failed. Response from “https://acme-v02.api.letsencrypt.org/acme/challenge/Gzm0Lx5FhhJe9VsDLYQeicxnHvPRtQqrf3qc6sdU9RM/4384976471” was:

Error: No valid IP addresses found for cmrose.no-ip.biz

Full Error: { “type”: “http-01”, “status”: “invalid”, “error”: { “type”: “urn:ietf:params:acme:error:unknownHost”, “detail”: “No valid IP addresses found for cmrose.no-ip.biz”, “status”: 400 }, “url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/Gzm0Lx5FhhJe9VsDLYQeicxnHvPRtQqrf3qc6sdU9RM/4384976471”, “token”: “Lb8vMklG9KG0CXIpzKaz-0hKpc7Rz3KkWSj_t0KI7_o”, “validationRecord”: [ { “url”: “http://cmrose.no-ip.biz/.well-known/acme-challenge/Lb8vMklG9KG0CXIpzKaz-0hKpc7Rz3KkWSj_t0KI7_o”, “hostname”: “cmrose.no-ip.biz”, “port”: “80” } ] }

_az · April 27, 2018, 1:00am

PROBLEM:
ReservedAddress

EXPLANATION:
An IANA/IETF-reserved address was found for cmrose.no-ip.biz. Let's Encrypt will always fail HTTP validation for any domain that is pointing to an address that is not routable on the internet. You should either remove this address or use the DNS validation method instead.

DETAIL:
10.2.51.73

mnetcafe · April 27, 2018, 2:05am

this is renew SSL, which means previously I’ve managed to get certificate for this domain https://cmrose.no-ip.biz

https://cmrose.no-ip.biz/01.png
https://cmrose.no-ip.biz/02.png

BTW. I will try another way as you suggest.

Thanks
Pras

_az · April 27, 2018, 2:07am

The likely explanation is that your domain wasn’t pointing to a private IP address at the time you initially created the certificate.

As long as you understand that only people inside your LAN can access that website, you’re fine to use DNS validation.

mnetcafe · April 27, 2018, 4:14am

Thanks for your help and attention

It work now with the same procedure as before I have done

sometime I get IP addr range from 10. x.x.x
after I reboot my router several time, I get valid IP

case closed!

Thanks everyone for your help and hard work here

system · May 27, 2018, 4:14am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.