Certbot failed to authenticate some domains (authenticator: nginx)

I have some mistake below. How can I fix it?


Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.


(Y)es/(N)o: y
Account registered.

Which names would you like to activate HTTPS for?


1: mysite22.ru
2: www.mysite22.ru


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1,2
Requesting a certificate for mysite22.ru and www.mysite22.ru

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: mysite22.ru
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for mysite22.ru - check that a DNS record exists for this domain

Domain: www.mysite22.ru
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for www.mysite22.ru - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.

mysite22.ru doesn't seem to be registered. Let's Encrypt only works for valid, publicly accessible domains.

For example I use without https 555
So how can I do it like valid, publicly?

How are you able to use that domain name, if it isn't actually registered?

As said, as a publicly trusted Certificate Authority, Let's Encrypt can only issue certificates for publicly accessible domain names, which means the domain needs to be registered properly and needs to be accessible by the public domain name system (DNS).

But how can I get https then?

Either:

  • start by registering the domain (to get a globally signed cert)
  • use your own private CA (to get a locally trustable cert)
  • use a self-signed cert (and manually trust it at each client)
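The second option in the list above (your own private CA), as an added example that is not part of the original replies: it creates a CA, then issues a server certificate whose subjectAltName carries every host name. The directory layout, file names and the CA name are assumptions; mysite22.ru is the name from the thread.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): private CA that signs a server
# certificate for nginx. File names and the CA name are assumptions.
# Usage: make_ca ./pki && issue_cert ./pki mysite22.ru www.mysite22.ru
set -euo pipefail

# make_ca DIR: create ca.key and a self-signed CA certificate ca.crt in DIR.
make_ca() {
    local dir=$1
    mkdir -p "$dir"
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Private Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # umask 077 keeps the files written here (including the key) owner-only.
    ( umask 077; openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$dir/ca.cnf" -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null )
}

# issue_cert DIR NAME [ALT...]: key + certificate for NAME signed by the CA in DIR.
# Clients match the host name against subjectAltName, so every name goes there.
issue_cert() {
    local dir=$1 name=$2 san="" n
    shift
    for n in "$@"; do san="${san:+$san,}DNS:$n"; done
    cat > "$dir/$name.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $name
[v3_srv]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = $san
EOF
    ( umask 077; openssl req -new -newkey rsa:2048 -nodes -config "$dir/$name.cnf" \
        -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null )
    openssl x509 -req -in "$dir/$name.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 365 -sha256 -extfile "$dir/$name.cnf" \
        -extensions v3_srv -out "$dir/$name.crt" 2>/dev/null
}
```

nginx then takes the resulting `.crt` and `.key` in `ssl_certificate` and `ssl_certificate_key`, and each client has to import `ca.crt` into its trust store. The CA key signs everything that those clients will trust, so it belongs off the web server.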

For example, I use these commands. Is it right?
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/nginx.key -out /etc/nginx/nginx.crt (generating a self-signed certificate)
sudo openssl dhparam -out /etc/nginx/dhparam.pem 2048
sudo nano /etc/nginx/sites-enabled/default //(uncomment listen 443 ssl default_server; and change server_name _; ssl_dhparam /etc/nginx/dhparam.pem;)\
//(add ssl_certificate /etc/nginx/nginx.crt; ssl_certificate_key /etc/nginx/nginx.key; )\
sudo nginx -t
sudo service nginx reload
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx
sudo certbot --nginx