Certbot - Unable to Pass Challenge - DNS A/AAAA Records Not Present for Domain

My domain is: tcwlmd.com

I ran this command: certbot certonly -n -d tcwlmd.com -d www.tcwlmd.com --standalone --preferred-challenges http --email admin@tcwlmd.com --agree-tos --expand

It produced this output:
Performing the following challenges:
http-01 challenge for tcwlmd.com
http-01 challenge for www.tcwlmd.com
Waiting for verification...
Challenge failed for domain tcwlmd.com
Challenge failed for domain www.tcwlmd.com
http-01 challenge for tcwlmd.com
http-01 challenge for www.tcwlmd.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:

My web server is (include version):

The operating system my web server runs on is (include version):
I am running nginx in docker

My hosting provider, if applicable, is: AWS
Running web app in Elastic Beanstalk

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.11.0

DNS Check https://check-your-website.server-daten.de/?q=tcwlmd.com

PLEASE HELP!


Welcome to the Let’s Encrypt community!
I can't seem to ping or access the website which leads me to believe that your firewall is blocking port 80 and/or port 443.

@Litbelb I am using Cloudflare as proxy DNS. But I don't have any ACL rule blocking 80 or 433

My bad. I can access and ping the website just fine. However, when I look your website up on crt.sh (https://crt.sh/?q=tcwlmd.com), I see several different certificates. These may be conflicting with your current certificate. Do you have any other certificates stored in the Let's Encrypt folder?

@Litbelb No I don't. I have requested several certs with Let's Encrypt, but I was unable to save the cert; that is why I am trying to create a new one. Is there a way to retrieve it? It was stored in a Docker container, and I provisioned another container that overwrote that container.


Welcome to the Let's Encrypt Community, Arthur 🙂

It is generally inadvisable to create trusted certificates for temporary containers then just delete them. This will quickly run you into the rate limits. Be sure to save your certificates (and their private keys) and reuse them rather than always trying to acquire new ones.

That said, you will probably want to read about how Cloudflare actually handles SSL, particularly with regard to Origin CA certificates.


Hi @molayodecker

reading your check shows something like

http://www.tcwlmd.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2606:4700:3035::ac43:a378    GZip used - 1839 / 9396 - 80,43 %
Inline-JavaScript (∑/total): 3/0    Inline-CSS (∑/total): 2/7143    200
Html is minified: 786,28 %    0.250
Visible Content: </app-root>

So an http request is answered with http status 200, not with a redirect (sometimes a problem when using Cloudflare), but also not with the expected content or an http status 404 - Not Found.

And you use --standalone - but there is already something running on port 80.

Looks like that --standalone instance isn't visible. Or you run Certbot on the wrong machine.


This may present a problem:

Name:      tcwlmd.com
Addresses: 3.224.255.129
           52.2.36.221

Which (#1) doesn't match the IPv6 address shown in your error message and (#2) may provide a 50/50 chance of hitting the wrong IP.

CloudFlare was also mentioned but I'm not yet sure if that has anything to do with this problem.


See the check, created yesterday. There the Cloudflare IPv6 address was defined and used.

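The two diagnoses above (a 200 answer carrying the app's HTML instead of the token, and A records that disagree with the IPv6 address the checker used) can be turned into an offline triage helper. This is an added example, not code from the thread or from Certbot; the response bodies and records it runs on are constructed, and it assumes 2606:4700::/32 is the only Cloudflare proxy range of interest.

```python
"""Triage a failed http-01 challenge from the evidence this thread shows:
what answered the challenge URL, and whether A/AAAA records point at the
same place. All sample data below is constructed."""
import ipaddress

CHALLENGE_PATH = "/.well-known/acme-challenge/"
# Assumption: Cloudflare's public IPv6 allocation is the only proxy range
# we care about here.
CLOUDFLARE_V6 = ipaddress.ip_network("2606:4700::/32")


def classify_challenge_response(status: int, body: str, token: str) -> str:
    """Explain what answered a GET on CHALLENGE_PATH + token.

    A key authorization body looks like '<token>.<thumbprint>', so only a
    200 whose body starts with the token means the ACME responder answered.
    Returns one of: 'ok', 'redirect', 'not-found', 'wrong-server', 'other'.
    """
    if status == 200 and body.strip().split(".")[0] == token:
        return "ok"
    if 300 <= status < 400:
        return "redirect"       # typical when Cloudflare forces HTTPS
    if status == 404:
        return "not-found"      # a web server answered, but not certbot
    if status == 200:
        return "wrong-server"   # 200 with unrelated HTML: the app, not certbot
    return "other"


def address_consistency(a_records, aaaa_records) -> list:
    """Flag A/AAAA mixes that make validators land on different hosts."""
    warnings = []
    v6 = [ipaddress.ip_address(x) for x in aaaa_records]
    if a_records and any(addr in CLOUDFLARE_V6 for addr in v6):
        warnings.append("AAAA points at the Cloudflare proxy while A records "
                        "point at origin hosts: IPv6 validators take another path")
    if len(a_records) > 1:
        warnings.append(f"{len(a_records)} A records: each validation attempt "
                        "hits one of them at random")
    return warnings


if __name__ == "__main__":
    # Constructed: what the checker in this thread saw, and the A/AAAA mix.
    print(classify_challenge_response(200, "<html><app-root></app-root></html>", "tok"))
    for w in address_consistency(["3.224.255.129", "52.2.36.221"],
                                 ["2606:4700:3035::ac43:a378"]):
        print("warning:", w)
```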
