Certbot failed to authenticate domain

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:amusingattire.com

I ran this command: certbot --apache

It produced this output: cerbot failed to authenticate domain

My web server is (include version): apache 2.4.37

The operating system my web server runs on is (include version): rocky linux 8

My hosting provider, if applicable, is: self

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.22.0

i can ping my domain amussingattire.com and i can browse the http amusingattire.com but when i try to run certbot --apache for the domain i always get the same error message about the no a record or no aaaa record. i do have those records in my google domain setup.

i do have port 80 and 443 open and i did enable the selinux permissions that apache needs to get on the net.

i don't understand why the commands dont work if the http://amusingattire.com works and is running .

1 Like

Please show the entire output.


1 Like

@westdallas I see many DNS records but not an A or AAAA record.

Use this google dig tool and see for yourself.

What network are you on where the http URL works?


when i use the toolbox with my domain it shows as an A record
that is my static ip address.

i am using my internal network to check.

Well, I don't know about your toolbox but that needs to be visible on the public internet.

That google tool will check. I couldn't see A / AAAA from my test machine on an AWS system either.

Again, what URL machine did you test the URL from? Was that a public internet machine? Maybe try from a cell phone that is not using wifi if you have to.

Edit: Oops. Too funny. Fixed that sentence. But, looks like you made sense of that anyway as I now see the A records. (was rushing to dinner when I typed it the first time)


Looks like your A record is working now. And, the Let's Debug test site results are good.

I don't see a cert in the public logs yet. And, your server is still sending out the self-signed cert with rockeyserver name. If you are still having problems please post the current error.


i figured out the problem i have a att BGW320-505 and the allow inbound traffic was set to off located in the subnets and dhcp menu.

i switched to on and reset modem and it started working.

certbot worked.

thanks for helping me out.