Can't create certificate on my domain

Hi, successfully installed my certificate on my dns ( but seem to be unable to create one for my domain.

My domain is:

I ran this command: sudo certbot --duplicate --apache

It produced this output:
Obtaining a new certificate

Performing the following challenges:
http-01 challenge for
Waiting for verification...
Challenge failed for domain
http-01 challenge for
Cleaning up challenges
Some challenges have failed.


My web server is (include version): Apache/2.4.29

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is: IONOS (

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Yes, for my domain, dns and cloud server on which my website is hosted.
DNS panel looks like this :

(As seen in other posts, I tried do delete AAAA entries but I can't do that without deleting every entry with the service starting like "Redirection:", fataly return a 404 error)

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.8.0

Thanks in advance for the help :wink:

1 Like

Hi @Damocles

there is a frame.

<frame src="" title="Ariane Perrin psychologue" frameborder="0" noresize="noresize"/>

You can't create a Letsencrypt certificate with such a frame.

So you must change the A/AAAA-records.

They have to point to your

1 Like

Those redirections are the issue here. Those are redirections from a year before I was born: <frameset> redirections.. :face_vomiting: There's no valid reason for those redirects any more IMHO. Also, the Let's Encrypt validation servers won't work with these kind of """redirects""".

Is there a particular reason you've got these <frameset> """redirects""" in place?

Personally, I would remove all those """redirects""", add your hostname to the Apache virtualhost and add a CNAME for @ and www to

A CNAME for @ has the problem, that the mail may not work.


Hmm, true.. How would that work for dynamic DNS users? If a CNAME isn't an option.


Thanks a lot for all your answers ! :wink:

1 Like

That's a problem without a solution.

I have the same problem with my service. -> CNAME myService works perfect, the customer can use the mail from

But -> CNAME myService -> CNAME myService

the second works, but the first kills the mail service the customer want's to use (and I don't want to add a mail service).

So something like -> A ip-of-myService -> CNAME myService

is required.


I didn't think a CNAME from an apex (@) was even allowed by standards. I've never attempted it though (and certainly won't based on the mail issue @JuergenAuer has mentioned).

However, CNAME records cannot coexist with other records with the same owner name. (The reason why is explored in Appendix B). This restriction means they cannot appear at a zone apex (such as "") because of the SOA, NS, and other records that have to be present there.

1 Like