Can't verify my domain error [Verify error:unknownHost :: No valid IP addresses found for]

Hi
My domain is: aalsultan.com

I ran this command: acme.sh --issue -d aalsultan.com --keylength 4096 -w /var/www/letsencrypt --key-file /etc/letsencrypt/rsa-certs/privkey.pem --ca-file /etc/letsencrypt/rsa-certs/chain.pem --cert-file /etc/letsencrypt/rsa-certs/cert.pem --fullchain-file /etc/letsencrypt/rsa-certs/fullchain.pem

It produced this output:
[Wed Sep 4 18:11:28 UTC 2019] Create account key ok.
[Wed Sep 4 18:11:28 UTC 2019] Registering account
[Wed Sep 4 18:11:30 UTC 2019] Registered
[Wed Sep 4 18:11:30 UTC 2019] ACCOUNT_THUMBPRINT='NeF4Vzx_qgeiN5l6Q9dF9g_r5kuVIM5dJa36SLR5taM'
[Wed Sep 4 18:11:30 UTC 2019] Creating domain key
[Wed Sep 4 18:11:31 UTC 2019] The domain key is here: /home/acmeuser/.acme.sh/aalsultan.com/aalsultan.com.key
[Wed Sep 4 18:11:31 UTC 2019] Single domain='aalsultan.com'
[Wed Sep 4 18:11:31 UTC 2019] Getting domain auth token for each domain
[Wed Sep 4 18:11:32 UTC 2019] Getting webroot for domain='aalsultan.com'
[Wed Sep 4 18:11:33 UTC 2019] Verifying: aalsultan.com
[Wed Sep 4 18:11:36 UTC 2019] aalsultan.com:Verify error:Invalid response from http://aalsultan.com/.well-known/acme-challenge/I-pCvG6YYFKt5UOC_G93N6hsPZQLrTUDOQc6AVIF8RY [66.96.162.135]:
[Wed Sep 4 18:11:36 UTC 2019] Please add '--debug' or '--log' to check more details.
[Wed Sep 4 18:11:36 UTC 2019] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh

My web server is (include version):

The operating system my web server runs on is (include version): ubuntu 18

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

This site uses an HTTP redirect to a completely different IP address, indicating that your DNS records are set quite inappropriately.

So I must stop redirecting to this IP and correct the DNS record?

If I understand the question correctly, yes. You need to set a DNS A record pointing to your actual IP address.

Thanks danb35. I set a DNS A record pointing to my IP, but it still can't verify when I try to issue certs. Below are the new logs. Thanks again for your help.

[Thu Sep 5 08:13:51 UTC 2019] Single domain='aalsultan.com'
[Thu Sep 5 08:13:51 UTC 2019] Getting domain auth token for each domain
[Thu Sep 5 08:13:55 UTC 2019] Getting webroot for domain='aalsultan.com'
[Thu Sep 5 08:13:55 UTC 2019] Verifying: aalsultan.com
[Thu Sep 5 08:13:59 UTC 2019] aalsultan.com:Verify error:unknownHost :: No valid IP addresses found for aalsultan.com
[Thu Sep 5 08:13:59 UTC 2019] Please add '--debug' or '--log' to check more details.
[Thu Sep 5 08:13:59 UTC 2019] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh

Hi @Abdullah-s

There is only an A record of your www version - https://check-your-website.server-daten.de/?q=aalsultan.com

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| aalsultan.com | A | | yes | 1 | 0 |
| | AAAA | | yes | | |
| www.aalsultan.com | A | 95.177.164.65 Riyadh/Ar Riyāḑ/Saudi Arabia (SA) - ARABIAN INTERNET & COMMUNICATIONS SERVICES CO.LTD, No Hostname found | yes | 1 | 0 |
| | AAAA | | yes | | |

Your non-www version doesn't have an IP address.

So it's impossible to create a certificate using http validation.

Add a new A record aalsultan.com -> 95.177.164.54

And perhaps create a certificate with both domain names - non-www and www.

I already added this record before. Please see the attached capture.
Thanks for your help.

That menu adds the domain name.

So now you have an A entry with aalsultan.com.aalsultan.com.

D:\temp>nslookup aalsultan.com.aalsultan.com. ns1.domain.com.

Name:    aalsultan.com.aalsultan.com
Address:  95.177.164.65

Normally, @ is used if you want to create an entry with your main domain.

Share the complete output of your dns menu.

PS: And there is a second wrong entry alsultan.com.aalsultan.com.

Sure, please see the attached captures.

Thanks

The raw A entry is missing.

A @ 95.177.164.65

Like your other “raw” entries with “@” in the second column.
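
Added example, not part of the original thread: the name expansion described in the posts above, written as a small audit that flags a record whose name had the zone appended twice and lists certificate hostnames that still have no address record. It assumes the DNS panel follows zone-file semantics (`@` is the zone itself, a name without a trailing dot is relative); the record lists are constructed to mirror the entries the thread describes.

```python
# Added illustration: how a zone editor expands the "name" field of a record.
# Record lists below are constructed to mirror the entries described in the thread.

def expand(name, origin):
    """Expand a typed record name the way zone-file syntax (RFC 1035) does."""
    origin = origin.rstrip(".").lower()
    name = name.strip().lower()
    if name in ("", "@"):        # "@" stands for the zone origin itself
        return origin
    if name.endswith("."):       # trailing dot: already fully qualified
        return name[:-1]
    return f"{name}.{origin}"    # anything else is relative to the origin


def audit(records, origin, wanted):
    """Return (doubled, missing).

    doubled: expanded names that contain the origin twice, i.e. a full
             hostname was typed into a field that appends the zone.
    missing: hostnames wanted on the certificate with no A/AAAA record,
             which is what produces "No valid IP addresses found".
    """
    o = origin.rstrip(".").lower()
    addressed, doubled = set(), []
    for name, rtype, _value in records:
        fqdn = expand(name, origin)
        if rtype in ("A", "AAAA"):
            addressed.add(fqdn)
        if fqdn == f"{o}.{o}" or fqdn.endswith(f".{o}.{o}"):
            doubled.append(fqdn)
    missing = [h for h in wanted if h.rstrip(".").lower() not in addressed]
    return doubled, missing


ORIGIN = "aalsultan.com"
WANTED = ["aalsultan.com", "www.aalsultan.com"]  # names for the certificate

BEFORE = [  # constructed: full name typed into the relative "name" field
    ("www", "A", "95.177.164.65"),
    ("aalsultan.com", "A", "95.177.164.65"),
]
AFTER = [   # constructed: apex entered as "@"
    ("www", "A", "95.177.164.65"),
    ("@", "A", "95.177.164.65"),
]

if __name__ == "__main__":
    for label, recs in (("before", BEFORE), ("after", AFTER)):
        doubled, missing = audit(recs, ORIGIN, WANTED)
        print(f"{label}: doubled={doubled} missing={missing}")
```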

I have updated my DNS list. I removed the wrong entry as you mentioned above and added the missing entry A @ 95.177.164.65.

I mean, is this enough to solve my issue?

Below are the logs, and I ran this command:

acme.sh --issue -d aalsultan.com --keylength ec-384 -w /var/www/letsencrypt --key-file /etc/letsencrypt/ecc-certs/privkey.pem --ca-file /etc/letsencrypt/ecc-certs/chain.pem --cert-file /etc/letsencrypt/ecc-certs/cert.pem --fullchain-file /etc/letsencrypt/ecc-certs/fullchain.pem --log

Please, I need help. I have been stuck on this issue for 2 weeks.

There is your error: “Operation not permitted”. Looks like the account you use has insufficient rights.
