Certbot failed to authenticate some domains

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: itflow.omahatechnology.net

I ran this command: bash itflow_install.sh

It produced this output:
(screenshot of the output, hosted on Imgur)
My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: Oracle cloud

I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Welcome to the community @eskos

I think the error message is pretty clear. The Let's Encrypt server will use the public DNS system to identify your domain name. You must have an A record (if IPv4) and/or an AAAA record (if IPv6).

I see your apex domain has these records but your itflow subdomain has none.

In fact, your apex domain has 4 A records and 4 AAAA records. If those are the same records you plan to use for your itflow subdomain that becomes more complicated. Multi-server and CDN configs need proper care to handle HTTP Challenges (like the apache authenticator you are using).

We would need more info to give advice if that's the case.

2 Likes

I am using Google DNS and Cloudflare, and I have a second A record set for it.

What makes you think you're using Cloudflare for that domain? See:

dan@Dan-MBP-2013  ~  dig ns omahatechnology.net

; <<>> DiG 9.10.6 <<>> ns omahatechnology.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1493
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;omahatechnology.net.		IN	NS

;; ANSWER SECTION:
omahatechnology.net.	21600	IN	NS	ns-cloud-a4.googledomains.com.
omahatechnology.net.	21600	IN	NS	ns-cloud-a3.googledomains.com.
omahatechnology.net.	21600	IN	NS	ns-cloud-a2.googledomains.com.
omahatechnology.net.	21600	IN	NS	ns-cloud-a1.googledomains.com.

;; Query time: 233 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sat Nov 05 11:52:41 EDT 2022
;; MSG SIZE  rcvd: 169

Also, please don't post links to external image hosts; you can (and should) paste the images directly into your posts.

4 Likes

So I tried to put the domain in Google Domains instead, and I got a different error this time.

Here is a list of issued certificates for crt.sh | omahatechnology.net, latest one being 2022-11-02, issued from C=US, O=Google Trust Services LLC, CN=GTS CA 1D4

SSL Labs is showing:
https://www.ssllabs.com/ssltest/analyze.html?d=omahatechnology.net&latest

Nothing indicates Cloudflare to me.

1 Like

Well, I moved it off of Cloudflare (see the comment right above) just to see if I could get it working.

1 Like

Ok;

1 Like

The website that I am trying to look at and get working is itflow.omahatechnology.net.

1 Like

Using https://letsdebug.net/ with itflow.omahatechnology.net as the input

  1. HTTP-01 Let's Debug
  2. DNS-01 Let's Debug
  3. TLS-ALPN-01 Let's Debug

There doesn't seem to be any open port for the domain.
HTTP Port 80 - Check website performance and response: Check host - online website monitoring
HTTPS Port 443 - Check website performance and response: Check host - online website monitoring

Best Practice - Keep Port 80 Open

1 Like

I tried waiting a little bit to make sure Google could set the DNS, but it still gives me a "Certbot failed" error.

The DNS looks ok: Multi-country domain resolving with DNS service: Check host - online website monitoring
There is nothing listening on HTTP Port 80
Here Check website performance and response: Check host - online website monitoring
and here Let's Debug

1 Like

Only port 22 shows open for that IP.

Is Apache running? Can you show result of this

apachectl -t -D DUMP_VHOSTS

Are you sure that is correct public IP for that server? Can you show result of this?

curl -4 https://ifconfig.co
2 Likes
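The checks asked for above (does the hostname's A/AAAA record point at this machine's public IP, and is anything actually listening on port 80) can be scripted as a pre-flight test before running the installer again. This is an added example, not code from the thread or from the itflow installer; the function names (dns_covers_host, port_is_bound, check_host) are hypothetical and the sample `ss` text is constructed for illustration. The two helpers take text as arguments so the logic can be exercised offline; check_host wires them to dig, curl and ss on a live host.

```shell
#!/bin/sh
# Added example, not from the thread: pre-flight checks for an HTTP-01 challenge
# on a single host. Helper names are hypothetical.

# Return 0 if every IP listed in $1 (this host's public IPs, whitespace
# separated) also appears as a whole line in $2 (the output of `dig +short`).
# Return 2 if no public IP was supplied, 1 if any IP is missing from DNS.
dns_covers_host() {
  public="$1"
  answer="$2"
  [ -n "$public" ] || return 2
  for ip in $public; do
    # -x: whole line, -F: fixed string (dots in an IP are not regex wildcards)
    printf '%s\n' "$answer" | grep -qxF "$ip" || return 1
  done
  return 0
}

# Return 0 if the `ss -ltnH` style text in $1 has a LISTEN socket on TCP port $2.
# Column 4 is Local Address:Port, e.g. 0.0.0.0:80, [::]:80 or *:80; anchoring
# on ":80$" keeps a listener on 8080 from counting as port 80.
port_is_bound() {
  ss_text="$1"
  port="$2"
  printf '%s\n' "$ss_text" | awk -v p="$port" '
    $1 == "LISTEN" && $4 ~ (":" p "$") { found = 1 }
    END { exit !found }'
}

# Live check for a hostname: compares the A/AAAA records the CA will resolve
# with the addresses this machine presents to the internet, then looks for a
# listener on port 80. Needs dig, curl and ss; not run by the offline test.
check_host() {
  host="$1"
  rc=0

  pub4=$(curl -4 -s --max-time 10 https://ifconfig.co 2>/dev/null)
  pub6=$(curl -6 -s --max-time 10 https://ifconfig.co 2>/dev/null)
  dns4=$(dig +short A "$host")
  dns6=$(dig +short AAAA "$host")

  echo "public IPv4: ${pub4:-none}   DNS A:    ${dns4:-none}"
  echo "public IPv6: ${pub6:-none}   DNS AAAA: ${dns6:-none}"

  if dns_covers_host "$pub4" "$dns4"; then
    echo "OK   A record(s) for $host include this host's public IPv4"
  else
    echo "FAIL A record for $host is missing or does not point at this host"
    rc=1
  fi
  # A stray AAAA record is a classic silent failure: when one exists the
  # validation is attempted over IPv6 first, so it must point here too.
  if [ -n "$dns6" ] && ! dns_covers_host "$pub6" "$dns6"; then
    echo "FAIL AAAA record exists but does not match this host's public IPv6"
    rc=1
  fi

  if port_is_bound "$(ss -ltnH)" 80; then
    echo "OK   something is listening on TCP 80"
  else
    echo "FAIL nothing is listening on TCP 80 (is Apache running?)"
    rc=1
  fi
  return $rc
}

# Constructed sample `ss -ltnH` output matching what the thread reports:
# only port 22 is bound.
SAMPLE_SS_SSH_ONLY='LISTEN 0 4096 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 [::]:22 [::]:*'
# Constructed sample with Apache also bound on 80 and 443.
SAMPLE_SS_WEB='LISTEN 0 4096 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 *:80 *:*
LISTEN 0 511 *:443 *:*'
```

Source the file and run `check_host itflow.omahatechnology.net` on the server itself. A listener that is bound locally but still unreachable from the internet points at a firewall: on a cloud instance both the provider's network rules and the instance's own iptables/ufw ruleset have to allow inbound 80 and 443, and a scanner such as the Let's Debug link above is the quickest way to confirm the port is visible from outside.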

I don't understand why port 80 is unreachable; I have it open.

129.146.55.75

Those look like a firewall's settings, correct?

Is there anything listening on Port 80 for itflow.omahatechnology.net with an internet visible IPv4 Address of 129.146.64.91?

1 Like

This is all that is required:

  • Must be installed on a fresh install of Ubuntu 22.04
  • Must reside on a public IP
  • Must have a domain or subdomain pointed to that IP, e.g. itflow.somedomain.com
  • Ports 80 and 443 must be open

I do not see itflow.omahatechnology.net mapping to that IPv4 Address, I see this IPv4 Address 129.146.64.91;
if it maps to more than one IP Address this is fine, but all must respond basically the same.

1 Like

Or more than one public IP Address, but all must respond basically the same.

1 Like

Where do you see that? Because I do see the IP they showed.

3 Likes