Can't Renew Certs

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: /

I ran this command:
sudo certbot renew

It produced this output:
sudo certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for
http-01 challenge for
Waiting for verification…
Cleaning up challenges
Attempting to renew cert ( from /etc/letsencrypt/renewal/ produced an unexpected error: Failed authorization procedure. (http-01): urn:ietf:params:acme:error:dns :: No valid IP addresses found for, (http-01): urn:ietf:params:acme:error:dns :: No valid IP addresses found for Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/ (failure)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/ (failure)

1 renew failure(s), 0 parse failure(s)


My web server is (include version):

The operating system my web server runs on is (include version):
Linux 4.15.0-106-generic #107-Ubuntu

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.31.0

What’s the IP address of your Ubuntu server?

You need to add an A record for it in your GoDaddy DNS control panel:

The IP address is

There is one.

Dig results:

; <<>> DiG 9.16.3-Debian <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53107
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 512
; IN A


;; Query time: 180 msec
;; WHEN: Tue Jun 16 22:45:49 EDT 2020
;; MSG SIZE rcvd: 77

Ah, I see. There are actually two different registered domains that Certbot is trying to include on the certificate:

The variant of your domain which includes the ‘a’ character does not have an A record.

You should either add the A record to it, or tell Certbot not to include that domain.


where is it getting the johnawalley info from? Where is certbot picking that up?

When deciding which names to renew, Certbot just copies them from the previous/current certificate.

If you take a look at the output of this command, you can see a list of each certificate and what names are included:

certbot certificates

If you want to redefine what the certificates are, you can do something like:

certbot certonly --cert-name -d -d

and only those two names will be requested on the renewed certificate (and in the future as well).
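An added example, not part of the original thread and not Certbot's own code: a shell check that reads the `certbot certificates` output mentioned above and reports every name on a certificate that has no address record, the condition behind the "No valid IP addresses found" error. The domain names, the `sample_output` helper and the `--live` flag are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `certbot certificates` output (added example): the
# third name is a misspelled variant with no DNS record, as in the thread.
sample_output() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: example.test
    Domains: example.test www.example.test exaample.test
    Expiry Date: 2020-06-20 12:00:00+00:00 (VALID: 3 days)
    Certificate Path: /etc/letsencrypt/live/example.test/fullchain.pem
EOF
}

# resolve NAME: succeed if the system resolver returns an address for NAME.
# The CA resolves from the public internet, so /etc/hosts entries or
# split-horizon DNS can make this check pass while validation still fails.
resolve() {
    getent ahosts "$1" >/dev/null 2>&1
}

# cert_names: read `certbot certificates` output on stdin and print one
# "<certificate-name> <domain>" pair per line.
cert_names() {
    awk '$1 == "Certificate" && $2 == "Name:" { cert = $3 }
         $1 == "Domains:" { for (i = 2; i <= NF; i++) print cert, $i }'
}

# unresolvable_names: print the pairs whose domain has no address record.
# Returns 1 if any such name was found, 0 otherwise.
unresolvable_names() {
    rc=0
    pairs=$(cert_names)
    while read -r cert name; do
        [ -n "$name" ] || continue
        if ! resolve "$name"; then
            printf '%s %s\n' "$cert" "$name"
            rc=1
        fi
    done <<EOF
$pairs
EOF
    return $rc
}

# Hypothetical flag of this script: check the real host only when asked.
if [ "${1:-}" = "--live" ]; then
    certbot certificates 2>/dev/null | unresolvable_names
fi
```

Run it as root with `--live` before `certbot renew`; each line printed is a certificate name followed by a domain that needs an A record or needs to be dropped from that certificate.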

I never did figure out where the a was coming from. I ended up deleting my certs and recreating. That did the trick. I noticed when recreating that the “a” came up as an option again. I’m not sure where that's coming from.

Thanks for your help. All is good now.

You can find it with:
apachectl -S
