Can't create certificate on my domain

Hi, successfully installed my certificate on my dns (https://33a5c65.online-server.cloud/) but seem to be unable to create one for my domain.

My domain is: arianeperrinpsychologue.fr

I ran this command: sudo certbot --duplicate --apache

It produced this output:
Obtaining a new certificate

Performing the following challenges:
http-01 challenge for arianeperrinpsychologue.fr
Waiting for verification...
Challenge failed for domain arianeperrinpsychologue.fr
http-01 challenge for arianeperrinpsychologue.fr
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

• The following errors were reported by the server:

  Domain: arianeperrinpsychologue.fr
  Type: unauthorized
  Detail: Invalid response from
  http://arianeperrinpsychologue.fr/.well-known/acme-challenge/O_i2odiMBAmKcLymWcx7hQ15R--jt-r-DhCnL3eJsTU
  [2001:8d8:100f:f000::299]: 204

  To fix these errors, please make sure that your domain name was
  entered correctly and the DNS A/AAAA record(s) for that domain
  contain(s) the right IP address.

My web server is (include version): Apache/2.4.29

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is: IONOS (www.ionos.fr)

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Yes, for my domain, dns and cloud server on which my website is hosted.
DNS panel looks like this :

image966×616 40.4 KB

(As seen in other posts, I tried do delete AAAA entries but I can't do that without deleting every entry with the service starting like "Redirection:", fataly return a 404 error)

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.8.0

Thanks in advance for the help

Hi @Damocles

there is a frame.

<frame src="https://33a5c65.online-server.cloud/" title="Ariane Perrin psychologue" frameborder="0" noresize="noresize"/>
<noframes>

You can't create a Letsencrypt certificate with such a frame.

So you must change the A/AAAA-records.

They have to point to your online-server.cloud.

Those redirections are the issue here. Those are redirections from a year before I was born: <frameset> redirections.. There's no valid reason for those redirects any more IMHO. Also, the Let's Encrypt validation servers won't work with these kind of """redirects""".

Is there a particular reason you've got these <frameset> """redirects""" in place?

Personally, I would remove all those """redirects""", add your hostname arianeperrinpsychologue.fr to the Apache virtualhost and add a CNAME for @ and www to 33a5c65.online-server.cloud.

A CNAME for @ has the problem, that the mail may not work.

Hmm, true.. How would that work for dynamic DNS users? If a CNAME isn't an option.

Thanks a lot for all your answers !

That's a problem without a solution.

I have the same problem with my service.

subdomain.customerdomain.com -> CNAME myService works perfect, the customer can use the mail from customerdomain.com.

But

customerdomain.com -> CNAME myService
www.customerdomain.com -> CNAME myService

the second works, but the first kills the mail service the customer want's to use (and I don't want to add a mail service).

So something like

customerdomain.com -> A ip-of-myService
www.customerdomain.com -> CNAME myService

is required.

I didn't think a CNAME from an apex (@) was even allowed by standards. I've never attempted it though (and certainly won't based on the mail issue @JuergenAuer has mentioned).

However, CNAME records cannot coexist with other records with the same owner name. (The reason why is explored in Appendix B). This restriction means they cannot appear at a zone apex (such as "example.com") because of the SOA, NS, and other records that have to be present there.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.