Certbot NGINX - Some challenges have failed

Hi, sorry if this is a noob question but I have some problems during setup with Certbot.

My domain is:
blockhub.gg

I ran this command:
sudo certbot --nginx

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.


1: blockhub.gg
2: www.blockhub.gg
3: www.blockhub


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 2
Requesting a certificate for www.blockhub.gg

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: www.blockhub.gg
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for www.blockhub.gg - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.blockhub.gg - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version):
nginx version: nginx/1.18.0 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 22.04.2 LTS

My hosting provider, if applicable, is:
Namecheap for DNS

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 2.4.0

Issue resolved: I just used 1 instead of option 2. For some reason this helped even though I tried multiple times before without luck.

The reason is because you were trying to get a certificate for the www subdomain, but that subdomain doesn't exist in your DNS settings.

Ideally you'd add the www subdomain to your DNS and get a certificate for both 1 and 2.

4 Likes

Here is a list of issued certificates crt.sh | blockhub.gg, the latest being 2023-03-09 and it is only for blockhub.gg no www. nor *.

The last wildcard (i.e. *.) certificate was issued on 2021-06-15 from C=US, O="Cloudflare, Inc.", CN=Cloudflare Inc ECC CA-3

None of the issued certificates has/had www.

1 Like

Using this online tool https://unboundtest.com/ and looking for DNS A records, here are results very similar to what Let's Encrypt will get, thus showing what Osiris is talking about in Post #3.

https://unboundtest.com/m/A/blockhub.gg/QR7HYM7G

https://unboundtest.com/m/A/www.blockhub.gg/HNYMRGED

https://unboundtest.com/m/A/www.blockhub/XTE3E6IQ

1 Like

That's not something anyone can reach via global DNS.

3 Likes

Shouldn't be a problem if one doesn't select that """hostname""" in Certbot :wink:

2 Likes
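A pre-flight check for the failure discussed in this thread, as an added example that is not part of the original posts and not Certbot's own code: it keeps only the candidate names that have an A or AAAA record and builds the `certbot --nginx -d ...` command from them. The helper names, `SAMPLE_ZONE` and the 203.0.113.10 address are assumptions constructed so the example runs offline.

```python
import socket

# Constructed sample data: stands in for public DNS so the example runs offline.
# 203.0.113.10 is a documentation address, not the site's real IP.
SAMPLE_ZONE = {"blockhub.gg": ["203.0.113.10"]}

def sample_lookup(name, port, proto=0):
    """Offline stand-in for socket.getaddrinfo, backed by SAMPLE_ZONE."""
    if name not in SAMPLE_ZONE:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return [(socket.AF_INET, socket.SOCK_STREAM, proto, "", (ip, port))
            for ip in SAMPLE_ZONE[name]]

def resolves(name, lookup=socket.getaddrinfo):
    """True if the name has at least one A or AAAA record."""
    try:
        return len(lookup(name, 80, proto=socket.IPPROTO_TCP)) > 0
    except (socket.gaierror, UnicodeError):
        return False

def preflight(names, lookup=socket.getaddrinfo):
    """Split candidate names into (resolvable, unresolvable), keeping order."""
    ok, failed = [], []
    for name in names:
        name = name.strip().rstrip(".").lower()
        (ok if resolves(name, lookup) else failed).append(name)
    return ok, failed

def certbot_command(names, lookup=socket.getaddrinfo):
    """Return (argv, skipped); argv is None when no candidate name resolves."""
    ok, failed = preflight(names, lookup)
    if not ok:
        return None, failed
    argv = ["certbot", "--nginx"]
    for name in ok:
        argv += ["-d", name]
    return argv, failed

if __name__ == "__main__":
    # The three names Certbot offered in the original post.
    candidates = ["blockhub.gg", "www.blockhub.gg", "www.blockhub"]
    argv, skipped = certbot_command(candidates, lookup=sample_lookup)
    print("run:", " ".join(argv) if argv else "(nothing resolves)")
    for name in skipped:
        print("skip (no A/AAAA record):", name)
```

With the default `socket.getaddrinfo` the answer comes from the local resolver, including `/etc/hosts`, so it can differ from what the CA sees; the unboundtest.com lookups linked above are closer to Let's Encrypt's view.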
