Certbot failed to authenticate some domains (authenticator: nginx)

aleksandrpikul · September 15, 2021, 9:55am

I have some mistake below. How can I fix it?

Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.

(Y)es/(N)o: y
Account registered.

Which names would you like to activate HTTPS for?

1: mysite22.ru
2: www.mysite22.ru

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1,2
Requesting a certificate for mysite22.ru and www.mysite22.ru

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: mysite22.ru
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for mysite22.ru - check that a DNS record exists for this domain

Domain: www.mysite22.ru
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for www.mysite22.ru - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.

Osiris · September 15, 2021, 10:04am

mysite22.ru doesn't seem to be registered. Let's Encrypt only works for valid, publicly accessible domains.

aleksandrpikul · September 15, 2021, 10:07am

For example I use without https 555
So how can I do it like valid, publically?

Osiris · September 15, 2021, 10:31am

How are you able to use that domain name, if it isn't actually registered?

As said, as a publicly trusted Certificate Authority, Let's Encrypt can only issue certificates for publicly accessible domain names, which means the domain needs to be registered properly and needs to be accessible by the public domain name system (DNS).

aleksandrpikul · September 15, 2021, 10:53am

But how can I get https then?

rg305 · September 15, 2021, 3:13pm

Either:

start by registering the domain (to get a globally signed cert)
use your own private CA (to get a locally trustable cert)
use a self-signed cert (and manually trust it at each client)

aleksandrpikul · September 15, 2021, 4:25pm

Fro example, I use these commands. Is it right?
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/nginx.key -out /etc/nginx/nginx.crt (generating a self-signed certificate)
sudo openssl dhparam -out /etc/nginx/dhparam.pem 2048
sudo nano /etc/nginx/sites-enabled/default //(uncomment listen 443 ssl default_server; and change server_name _; ssl_dhparam /etc/nginx/dhparam.pem;)\
//(add ssl_certificate /etc/nginx/nginx.crt; ssl_certificate_key /etc/nginx/nginx.key; )\
sudo nginx -t
sudo service nginx reload
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginxsudo certbot --nginx

system · October 15, 2021, 4:26pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.