Certbot failed to authenticate some domains

A cert is authorised for www.dokiuh.io but not dokiuh.io and I'm not sure why.
I tried selecting 1 for dokiuh.io, which failed; then I tried selection 2 for www.dokiuh.io, which completed. I then didn't make a selection/expanded, but no dice.

My domain is:
dokiuh.io

I ran this command:
certbot --apache2

It produced this output:
Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.


1: dokiuh.io
2: www.dokiuh.io


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 2
Requesting a certificate for www.dokiuh.io

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/www.dokiuh.io/fullchain.pem
Key is saved at: /etc/letsencrypt/live/www.dokiuh.io/privkey.pem
This certificate expires on 2023-08-31.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for www.dokiuh.io to /etc/apache2/sites-available/dokiuh.io-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://www.dokiuh.io


If you like Certbot, please consider supporting our work by:


Second command:
root@onetwodevserver:/# sudo certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.


1: dokiuh.io
2: www.dokiuh.io


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):


You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/www.dokiuh.io.conf)

It contains these names: www.dokiuh.io

You requested these names for the new certificate: dokiuh.io, www.dokiuh.io.

Do you want to expand and replace this existing certificate with the new
certificate?


(E)xpand/(C)ancel: e
Renewing an existing certificate for dokiuh.io and www.dokiuh.io

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: dokiuh.io
Type: dns
Detail: no valid A records found for dokiuh.io; no valid AAAA records found for dokiuh.io

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

My web server is (include version):
Apache

The operating system my web server runs on is (include version):
Ubuntu / latest stable version of Jammy Jellyfish

My hosting provider, if applicable, is:
kamatera

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 2.6.0

Try again?

You may have needed to wait for your DNS provider to update its nameservers. It seems to be fine now.

5 Likes

Realised I had to add an A record with a host value of "@".
The only A record I had was the host "www".

Not sure whether to leave this here for people that make future blunders like this or delete it. If it doesn't count as helpful, feel free to remove it.

I corrected it in my above reply; not sure if that's what actually corrected it or if what you said fixed it. Either way, it authorised the cert. I appreciate your response :)
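Added example, not part of any post in this thread: a pre-flight check for the failure above, which lists every requested name that has neither an A nor an AAAA record before Certbot is run. It assumes a resolver command that behaves like `dig +short NAME TYPE`; the function names and the `RESOLVE` variable are made up for this sketch.

```shell
#!/bin/sh
# Pre-flight check before `certbot --apache`: every requested name needs at
# least one A or AAAA record, otherwise the CA reports
# "no valid A records found ...; no valid AAAA records found ...".

# Resolver command (assumption: prints one answer per line, like
# `dig +short NAME TYPE`; dig must be installed). Override RESOLVE to
# query through a different tool or to test without network access.
RESOLVE=${RESOLVE:-"dig +short"}

# has_address NAME -> exit status 0 if NAME has an A or AAAA answer.
has_address() {
    for rrtype in A AAAA; do
        # Keep only lines that look like IP addresses: `dig +short` also
        # prints CNAME targets, which are not addresses themselves.
        if $RESOLVE "$1" "$rrtype" 2>/dev/null |
            grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$|^[0-9A-Fa-f:]*:[0-9A-Fa-f:.]*$'; then
            return 0
        fi
    done
    return 1
}

# unresolved_names NAME... -> prints each name with neither record type.
unresolved_names() {
    for name in "$@"; do
        has_address "$name" || printf '%s\n' "$name"
    done
}

# Example: sh preflight.sh dokiuh.io www.dokiuh.io
if [ "$#" -gt 0 ]; then
    unresolved_names "$@"
fi
```

An empty result only reflects the resolver that was queried; the CA does its own lookup, so a record added moments ago may still fail validation until the authoritative nameservers serve it.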

Are you using the two sites independently of each other?

Because if they are in the same vhost, their names should be on the same cert.
You chose only one name:

What shows?:
certbot certificate

3 Likes

They are supposed to be the same site. It works, but judging by your statement, I've made an oops.

Did you mean certbot certificates?
If so, here's the output:

Found the following certs:
Certificate Name: dokiuh.io
Serial Number: 46ed5c53c896a904316ad46b6849e7628a7
Key Type: ECDSA
Domains: dokiuh.io www.dokiuh.io
Expiry Date: 2023-08-31 21:15:32+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/dokiuh.io/fullchain.pem
Private Key Path: /etc/letsencrypt/live/dokiuh.io/privkey.pem
Certificate Name: www.dokiuh.io
Serial Number: 4300d9ed9817d5792cb05a8aca0731eae82
Key Type: ECDSA
Domains: www.dokiuh.io
Expiry Date: 2023-08-31 20:53:32+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/www.dokiuh.io/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.dokiuh.io/privkey.pem

1 Like

You have two certs.

  • One with both names on it
  • One with only one name on it

If you can use the one with both names on it, then just delete the one with the single name on it.
certbot delete --cert-name www.dokiuh.io

Then do again:
certbot certificates
[to confirm everything is as you want it to be]

5 Likes
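Added example, not part of any post in this thread: a way to spot the situation described in the last answer automatically, by reading `certbot certificates` output and listing each certificate whose names all appear on another certificate. The function names are made up for this sketch, and the sample input is the listing from this thread reduced to the two fields the check reads.

```shell
#!/bin/sh
# Constructed sample: the `certbot certificates` listing from this thread,
# reduced to the two fields the check reads.
sample_output() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: dokiuh.io
    Domains: dokiuh.io www.dokiuh.io
  Certificate Name: www.dokiuh.io
    Domains: www.dokiuh.io
EOF
}

# redundant_certs: read `certbot certificates` output on stdin and print each
# certificate whose names are all present on another certificate.
# Names are compared literally; wildcard coverage is not evaluated.
redundant_certs() {
    awk '
    /Certificate Name:/ { name = $NF; names[++n] = name }
    /Domains:/          { sub(/^.*Domains:[ \t]*/, ""); doms[name] = $0 }
    END {
        for (i = 1; i <= n; i++) {
            na = split(doms[names[i]], da, " ")
            if (na == 0) continue
            for (j = 1; j <= n; j++) {
                nb = split(doms[names[j]], db, " ")
                # Skip self, smaller sets, and (for equal sets) later twins,
                # so that of two identical certificates only the later is listed.
                if (i == j || nb < na || (nb == na && j > i)) continue
                covered = 1
                for (k = 1; k <= na && covered; k++) {
                    found = 0
                    for (m = 1; m <= nb; m++) if (da[k] == db[m]) found = 1
                    covered = found
                }
                if (covered) { print names[i]; break }
            }
        }
    }'
}

# Stand-alone run on the sample; on a server: certbot certificates | redundant_certs
sample_output | redundant_certs
```

Before running `certbot delete --cert-name` on a listed certificate, check that no Apache vhost still references its `/etc/letsencrypt/live/<name>/` paths, since a vhost pointing at deleted files will stop Apache from starting.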
