Certbot - Unable to Pass Challenge - DNS A/AAAA Records Not Present for Domain

Help
1

My domain is: chat.santacasavotuporanga.com.br

I ran this command: sudo certbot --nginx

It produced this output: Waiting for verification...
Challenge failed for domain chat.santacasavotuporanga.com.br
http-01 challenge for chat.santacasavotuporanga.com.br
Cleaning up challenges
Some challenges have failed.

Domain: chat.santacasavotuporanga.com.br
Type: unauthorized
Detail: Invalid response from
http://chat.santacasavotuporanga.com.br/.well-known/acme-challenge/3_wk8zjZBBXtYSDknIVZGYijauweveZUQSIgHv8RfhM
[167.249.56.66]: "Apache Tomcat/5.5.7 - Error
report<!--H1
{font-family:Tahoma,Arial,sans-serif;color:white;back"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

My web server is (include version): Nginx

PLEASE HELP! :confounded:

1 Like
2

Hi @Lucas-Simoes-SI, and welcome to the LE community forum :slight_smile:

Please see: Let's Debug (letsdebug.net)
Which closely emulates the LE DNS verification process.
It seems your authoritative DNS servers:

santacasavotuporanga.com.br     nameserver = ns1.santacasavotuporanga.com.br
santacasavotuporanga.com.br     nameserver = ns2.santacasavotuporanga.com.br

are a bit too protective and aren't responding to the DNS requests from LE.
Do your DNS servers run Fail2ban or some sort of GeoLocation protection/blocking?

OR

There is no A, or AAAA, record defined in your zone:

nslookup chat.santacasavotuporanga.com.br ns1.santacasavotuporanga.com.br
Address:  162.241.52.169
Name:    chat.santacasavotuporanga.com.br

nslookup chat.santacasavotuporanga.com.br ns2.santacasavotuporanga.com.br
Address:  162.241.52.225
Name:    chat.santacasavotuporanga.com.br

Both requests come back empty!

1 Like
3

I find a ip-adress for santacasavotuporanga.com.br but not for the subdomain chat.santacasavotuporanga.com.br.
check your dns-Entry's.
how you have create the subdomain?

2 Likes
4

Hello,

Sorry, I believe that at the time of the tests performed I was deleting the domain. But I created it again and the error persists. Could you help me?

Thanks

1 Like
5

I believe that the time of the tests performed I was deleting the domain. But I created it again and the error persists.

1 Like
6

i find no subdomain chat.santacasavotuporanga.com.br.
is it your own dns-server or have you a service porvider.
you must create a A-record or a AAAA-record dns-entry.

can you ping to chat.santacasavotuporanga.com.br?

2 Likes
7

I see an IP now:

Name:    chat.santacasavotuporanga.com.br
Address: 167.249.56.66

And this looks better: Let's Debug (letsdebug.net)

Are you still having a problem?

1 Like
8

yes, i also :slight_smile:
wait, in a short time certbot finds an ip

1 Like
9

Hello,

Yes. The problem still persists.

1: chat.santacasavotuporanga.com.br

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for chat.santacasavotuporanga.com.br
Waiting for verification...
Challenge failed for domain chat.santacasavotuporanga.com.br
http-01 challenge for chat.santacasavotuporanga.com.br
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

10

unfortunately persists

11

The A/AAAA problem has been resolved.
This is now another problem:

certbot with --apache won't work with Tomcat.
You need to follow the instructions for Apache Tomcat.
This might be helpful: Problem with certbot/apache/tomcat - #38 by griffin
OR
Use --webroot authentication.
[if you can locate the sites' document root folder]

1 Like
12

hello, rg305

I have this error now

Challenge failed for domain chat.santacasavotuporanga.com.br
http-01 challenge for chat.santacasavotuporanga.com.br
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: chat.santacasavotuporanga.com.br
   Type:   unauthorized
   Detail: Invalid response from
   http://chat.santacasavotuporanga.com.br/.well-known/acme-challenge/hQLGsjQ-qHU-Qp-gMBNWhveE2k2__BpxMgpuRFylimg
   [162.241.52.169]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>404 Not
   Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

Thanks in advance

1 Like
13

It may help if you take the time to understand what's going on:

  • Let's encrypt asks your server (using certbot) to create a text file and serve it as part of your website, in the above case it wants to be able to see http://chat.santacasavotuporanga.com.br/.well-known/acme-challenge/hQLGsjQ-qHU-Qp-gMBNWhveE2k2__BpxMgpuRFylimg
  • This is a file served by your webserver, put there by certbot.
  • If it can't see that file, validation fails

So the thing you need to check is, is certbot putting the file in the right place? Can your website server serve any files at all from /.well-known/acme-challenge/ - e.g. if you add a test file in there (not test.txt) can you browse to it yourself? e.g. http://chat.santacasavotuporanga.com.br/.well-known/acme-challenge/test. Make sure you are allowing /.well-known requests through to the file system.

Once you've solved that you can check you are giving certbot the correct file path for the root of your website.

2 Likes
14

@Lucas-Simoes-SI, please post the output of:
sudo apachectl -t -D DUMP_VHOSTS

1 Like
15

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.