Certbot requesting from wrong IP address

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: jameswprice.io

I ran this command: Let's Debug

It produced this output:
ANotWorking

Error

jameswprice.io has an A (IPv4) record (23.21.202.204) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.

A timeout was experienced while communicating with jameswprice.io/23.21.202.204: Get "http://jameswprice.io/.well-known/acme-challenge/letsdebug-test": context deadline exceeded

Trace:
@0ms: Making a request to http://jameswprice.io/.well-known/acme-challenge/letsdebug-test (using initial IP 23.21.202.204)
@0ms: Dialing 23.21.202.204
@10001ms: Experienced error: context deadline exceeded

IssueFromLetsEncrypt

Error

A test authorization for jameswprice.io to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.

23.21.202.204: Fetching http://jameswprice.io/.well-known/acme-challenge/kD5r2Zjp1VLRRe_CkBmFVhKVCnoCKHVlkyNEUY6mEkc: Timeout during connect (likely firewall problem)

HTTPCheck

Debug

Requests made to the domain

Request to: jameswprice.io/23.21.202.204, Result: [Address=23.21.202.204,Address Type=IPv4,Server=,HTTP Status=0], Issue: ANotWorking
Trace:
@0ms: Making a request to http://jameswprice.io/.well-known/acme-challenge/letsdebug-test (using initial IP 23.21.202.204)
@0ms: Dialing 23.21.202.204
@10001ms: Experienced error: context deadline exceeded

My web server is (include version): Apache

The operating system my web server runs on is (include version): Ubuntu 24.04

My hosting provider, if applicable, is: AWS. The jameswprice.io A record points to Elastic IP 34.206.152.173; for an unknown reason certbot is using 23.21.202.204.

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Route 53 manage DNS & running Apache locally on Ubuntu 24.04, site is 1 day old

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.9.0

Certbot does not use your IP.
When using HTTP-01 authentication, the ACME protocol requires the CA to connect to the IP of the name and verify the token file.
If you ask global DNS where your name is... it responds with:

Name:    jameswprice.io
Address: 23.21.202.204

So that is the IP the entire Internet will go to when looking for your site.

Do you know where/how to update your DNS record?

5 Likes
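The check described in the reply above, as an added example that is not part of the original thread: compare what DNS returns for the name with the address the server actually has, then test port 80 on every address returned. The function names are hypothetical, and the lookup uses the system resolver, so it is assumed to see the same records as public DNS (no hosts-file or split-horizon override) and to run from a host outside the server's own network.

```python
import socket

def resolve_a(name):
    """IPv4 addresses the system resolver returns for name (network call)."""
    infos = socket.getaddrinfo(name, 80, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def port_open(ip, port=80, timeout=5.0):
    """True if a TCP connection to ip:port succeeds within timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:  # covers timeouts and refused connections
        return False

def preflight(name, expected_ip, resolve=resolve_a, probe=port_open):
    """Return findings that would block HTTP-01; an empty list means none found."""
    try:
        answers = resolve(name)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return [f"{name}: DNS lookup failed ({exc})"]
    findings = []
    if expected_ip not in answers:
        findings.append(f"{name} resolves to {answers}, not to this server's {expected_ip}")
    for ip in answers:
        # The CA connects to each address DNS returns, not to the address you intended.
        if not probe(ip):
            findings.append(f"{ip}: port 80 unreachable, validation would time out")
    return findings

if __name__ == "__main__":
    # Constructed stubs reproducing the thread's situation, so this runs offline.
    stale_dns = lambda name: ["23.21.202.204"]
    nothing_listening = lambda ip: False
    for line in preflight("jameswprice.io", "34.206.152.173", stale_dns, nothing_listening):
        print(line)
```

Calling `preflight(name, expected_ip)` without the last two arguments performs the real lookup and connection attempts.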

Thanks rg305! To my surprise, I was able to update the AWS A record to point to 23.21.202.204 and passed the test. I will now try to configure the AWS Public IP Insights tool to track down the IP & domain history. Most likely, I failed to properly release the IP. Thanks again! James

3 Likes
