Cerbot Failure port 80/180 443/1443 Unraid

My domain is: richardcjay.com

I ran this command:

It produced this output:

My web server is (include version): Swag

The operating system my web server runs on is (Unraid 6.9.2):

My hosting provider, if applicable, is: NA

I can login to a root shell on my machine (yes or no, or I don't know): I don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): I don't know

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): I don't know

I cannot seem to get a certificate. I have spent the whole day thinking that I had set up port forwarding incorrectly - but I do think that I have set it up correctly. If I set my Unraid's management page from port 80 to 180, the Unraid management page shows up when you go to my domain (richardcjay.com). That seems to me like I have both DuckDNS and port forwarding set up correctly?

To be honest I have barely even considered if port 443/1443 is working. I spend the day trying to see if I had port 80/180 set up correctly since that is the first error in the log file.

Does anyone have have any advice?
Thank you for taking the time to read this.

Please read the error message provided by the Let's Encrypt validation server: "No valid IP address found for ...".

Your DNS is incorect: there are NO A or AAAA records for richardcjay.com or richardcjay.co.uk. If you're using the http-01 challenge, which the standalone plugin does, you need to make sure there is a publicly accessible IP address (IPv4 and/or IPv6) set up in the DNS for those hostnames.

See also:



Thank you for you quick and considered response.

I thought that as I had added a DuckDNS domain to the CNAME records and added the Duck DNS docker service to Unraid that I had set this up correctly.

I just tried to add DuckDNS's IP address ( as the A record for richardcjay.com&.co.uk. I don't know if that is what you were suggesting? I shall give it a couple of hours to let it settle and try again.

I'm not sure what role DuckDNS is playing here. If I check your domain(s), it seems your registar is a company called LCN.com. I don't see any mention of DuckDNS anywhere. See for yourself:



I cannot get a static IP so I have DuckDNS installed on unraid.

I believed that this dynamically updates www.richardcjay.duckdns.org with my IP. By using that domain as a CNAME I have been able to access basically any device that I forward port 80 to on my network from richardcjay.com & .co.uk. I don't understand why it seems to work for everything apart from Let's Encrypt/SWAG.

I can see a CNAME for www.richardcjay.com, but no A or CNAME for richardcjay.com.

Thank you, That is something to move me forward.

I changed the domain name in the lets encrypt/swag docker to include "www" in from of each name and I am getting a less errors in the log file.

This is... troubling:
What client is that?

I am not sure if I understand what you are asking. It is the log file from SWAG (linux server) docker image on Unraid.

Is it not possible to get lets encrypt working unless you have a static IP?

I swapped my name severs over to Cloudflare and I seem to be getting less errors:

At first it seems as if I have a certificate but the red error at the bottom seems to contradict that.

If I ping my site I do get to my IP address

It looks like the implementation you're using is very, VERY bad.. Really terrible. Revoking and deleting certificates without a very good reason, even if the issuance process hasn't finished yet? (The thing @rg305 noticed at the top of your very first log.) Getting a certificate successfully, but not seeing it? (Your last log.)

Such a terrible implementation is unfortunately not something we can fix, but should be addressed at the software engineers (or lack thereof) of the implementation. Maybe "Swag", maybe Unraid, I dunno.

Also, it seems it's not handling the "URL" parameter as separate hostnames as it only added the www subdomain for your .com domain. See the issued cert here: crt.sh | 5266047933 (look at the "X509v3 Subject Alternative Name" part).

Thank you for your time and patience.

Yeah, sorry for not having a better answer.

Maybe you could use just a single hostname in the URL parameter and add the other on at the EXTRA_DOMAINS parameter? Perhaps then that implementation issues the correct certificate and perhaps then it recognises it as being available.

That it a thought! I just deleted one of the domains from the Url and it works. I think that having multiple domains in that field was confusing the certbot

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.