Certbot failed to authenticate domain

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: amusingattire.com

I ran this command: certbot --apache

It produced this output: cerbot failed to authenticate domain

My web server is (include version): apache 2.4.37

The operating system my web server runs on is (include version): rocky linux 8

My hosting provider, if applicable, is: self

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.22.0

I can ping my domain amussingattire.com and I can browse the http amusingattire.com, but when I try to run certbot --apache for the domain I always get the same error message about no A record or no AAAA record. I do have those records in my Google domain setup.

I do have ports 80 and 443 open and I did enable the SELinux permissions that Apache needs to get on the net.

I don't understand why the commands don't work if http://amusingattire.com works and is running.


Please show the entire output.



@westdallas I see many DNS records but not an A or AAAA record.

Use this google dig tool and see for yourself.

What network are you on where the http URL works?


When I use the toolbox with my domain it shows as an A record; that is my static IP address.

I am using my internal network to check.

Well, I don't know about your toolbox but that needs to be visible on the public internet.

That google tool will check. I couldn't see A / AAAA from my test machine on an AWS system either.

Again, what machine did you test the URL from? Was that a public internet machine? Maybe try from a cell phone that is not using wifi if you have to.

Edit: Oops. Too funny. Fixed that sentence. But, looks like you made sense of that anyway as I now see the A records. (was rushing to dinner when I typed it the first time)


Looks like your A record is working now. And, the Let's Debug test site results are good.

I don't see a cert in the public logs yet. And, your server is still sending out the self-signed cert with rockeyserver name. If you are still having problems please post the current error.


I figured out the problem. I have an AT&T BGW320-505 and the allow inbound traffic setting, located in the subnets and DHCP menu, was set to off.

I switched it to on and reset the modem and it started working.

Certbot worked.

Thanks for helping me out.

