Can't generate Certificate DNS problem

Hi it's been two weeks that I'm trying to generate a cert with nginx and no success.

My domain is:

I ran this command: sudo certbot --nginx -d -d

It produced this output:

Requesting a certificate for and

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Type:   dns
  Detail: no valid A records found for; no valid AAAA records found for

  Type:   dns
  Detail: no valid A records found for; no valid AAAA records found for

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: Hostinger

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is: certbot 1.21.0

If I run nslookup I receive:
Server: Address:
That's correct.

I've added to nginx the domain and I'm able to reach my api using the domain.

In my hostinger panel I've already added my ipv4 to A and my ipv6 to AAAA and I still can't generate the cert.
I read loads of topics here with different solutions but not worked for me.
I'm very new to encrypting.

Welcome to the Let's Encrypt Community, Gabriel! :slight_smile:

How is the Let's Encrypt validation server going to reach your server with a private IP address (


This says it all:


Using the online tool

  1. DNS CAA Record -
  2. DNS A Record -
  3. DNS AAAA Record -

There are no A or AAAA DNS Records, you are trying to use the HTTP-01 challenge of the Challenge Types - Let's Encrypt which requires Port 80 access on the Domain pointing to (directly or indirectly) an IP Address.
If that is not possible the only challenge type available then is the DNS-01 challenge.

1 Like

...and just in case the previous posts aren't clear enough: The problem is that the DNS record for points to a private IP address. The Internet at large can't connect to private IP addresses (after all, they're private), and Let's Encrypt needs to be able to connect to your server to validate your control over the domain name. You'll need to either point the domain to a public IP address or use a different method of validation.


Why would you wait two weeks before asking for free help?


Many thanks for all the replies! You guys are awesome. I didn't asked because I was browsing all the questions before asking. I'll read all the attached links and try to change the IP to the Public one, then I come here to say if I was able to solve the problem. Once again thanks for all your help.


Finally I had a different error. I've used the command:

wget -qO- ; echo

And gave me the ip

Then I added the ip to to hostinger and now I'm receiving:

I disabled the ufw firewall just in case, but everything was allowed.
But when I check the domain in the Network Utility on mac and don't show that my ports are open for the public IP (I read a post from a guy that had the same problem here).
If I set the domain to the private one on hostinger show that the ports are open.
I'm kinda lost on this. :sweat:

You say your hosting provider is Hostinger, but that IP doesn't seem to belong to them. Seems like they're your registrar/DNS provider.

So how exactly is your website hosted? Are there any routers/firewall appliances between the machine and the internet?

1 Like

I'm basically using a mini pc as a server wired to my TP Link Router. I'm using nginx running a Nodejs api.
There is the UFW Firewall, but it's deactivated and even when activated everything is allowed.
My Nginx configs are:

    listen 80 default_server;
    listen [::]:80 default_server;

    root /var/www/html;

    index.html index.htm index.nginx-debian.html;


    location / {
        proxy_pass: http://localhost:5000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        try_files $uri $uri/ =404;

Yes, my domain provider is Hostinger and my hostinger configs are:

Did you forward the relevant ports (80, 443) from your router to your mini pc?


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.