Certbot - Unable to Pass Challenge - DNS A/AAAA Records Not Present for Domain

Please fill out the fields below so we can help you better.

My domain is:

www.dropbite.com

I ran this command:
certbot certonly --webroot -w /opt/mattermost/ -d dropbite.com -d www.dropbite.com

It produced this output:
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for dropbite.com
http-01 challenge for www.dropbite.com
Using the webroot path /opt/mattermost for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.dropbite.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.dropbite.com/.well-known/acme-challenge/paZReDiWXsaimTwrOaubA8BtFPEgpZ1YgmZHuOIEOV4: " <meta name=viewport content=“width=device-widt”, dropbite.com (http-01): urn:acme:error:unknownHost :: The server could not resolve a domain name :: No valid IP addresses found for dropbite.com

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: dropbite.com
    Type: unknownHost
    Detail: No valid IP addresses found for dropbite.com

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address.

  • The following errors were reported by the server:

    Domain: www.dropbite.com
    Type: unauthorized
    Detail: Invalid response from
    http://www.dropbite.com/.well-known/acme-challenge/paZReDiWXsaimTwrOaubA8BtFPEgpZ1YgmZHuOIEOV4:
    " <meta name=viewport content=“width=device-widt”

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address.

  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.

My operating system is (include version):
Ubuntu 16.04

My web server is (include version):
Nginx

My hosting provider, if applicable, is:
DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

PLEASE HELP! :confounded:

Hi @AngelicaGandica,

dropbite.com is different from www.dropbite.com. You have configured your DNS records to have an address for www.dropbite.com but there is no address for dropbite.com.

If you update your DNS settings so that dropbite.com points to the same place as www.dropbite.com, you should be able to get further with the certificate.

I noticed that Firefox hides this problem because when trying to visit http://dropbite.com/, it automatically tries http://www.dropbite.com/ instead without asking (!). But Chromium or Chrome will show the difference—it shows that http://dropbite.com/ does not exist while http://www.dropbite.com/ does, again due to DNS settings.

2 Likes

Hi @AngelicaGandica,

You have two problems here. The first one, as @schoen already said, is that you have no A record defined for the domain dropbite.com. The second problem is for www.dropbite.com: Let’s Encrypt can’t reach the challenge.

For the second problem, to be sure you are using the right Document Root for your domain and that the challenge file can be reached, create a test file and try to get it.

mkdir -p /opt/mattermost/.well-known/acme-challenge/
echo -n "Testing acme-challenge" > /opt/mattermost/.well-known/acme-challenge/test

Now use your browser to reach the test file http://www.dropbite.com/.well-known/acme-challenge/test

Or using command line:
curl -ikL http://www.dropbite.com/.well-known/acme-challenge/test

If you get the text “Testing acme-challenge” then it is OK. If you get something else, then either the document root is not the right one or maybe your Mattermost application is doing something strange with these files.

If the problem is the Mattermost application, you could configure nginx to use a workaround, but first try the test.

Cheers,
sahsanu

1 Like
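
The two checks discussed in this thread (each name resolves on its own, and a file placed under the webroot is served back unchanged), combined into one preflight script. This is an added example, not code from any post above; the `port` and `resolve` parameters are assumptions of the example so it can be pointed at a local test server.

```python
import http.client
import os
import secrets
import socket
import sys
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"


def preflight(domain, webroot, port=80, resolve=socket.getaddrinfo):
    """Return 'ok', 'unknownHost' or 'unauthorized' for one -d name.

    The labels mirror the two error types in the Certbot output above.
    `port` and `resolve` are assumptions of this example so it can be
    pointed at a local test server; a real run uses the defaults.
    """
    # 1. Every name must resolve on its own: an address for
    #    www.example.com says nothing about example.com.
    try:
        resolve(domain, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "unknownHost"

    # 2. A file dropped under the webroot must come back unchanged.
    token, body = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
    directory = os.path.join(webroot, *CHALLENGE_DIR.split("/"))
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, token)
    with open(path, "w") as handle:
        handle.write(body)
    # Ignore proxy environment variables so the probe goes direct.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        url = f"http://{domain}:{port}/{CHALLENGE_DIR}/{token}"
        with opener.open(url, timeout=10) as response:
            served = response.read(4096).decode("utf-8", "replace")
    except (OSError, http.client.HTTPException):
        served = None  # refused, timed out, 404, ...
    finally:
        os.remove(path)  # never leave probe files in the webroot
    # An HTML page instead means the app, not the static file, answered.
    return "ok" if served == body else "unauthorized"


if __name__ == "__main__":
    # usage: preflight.py WEBROOT DOMAIN [DOMAIN ...]
    for name in sys.argv[2:]:
        print(f"{name}: {preflight(name, sys.argv[1])}")
```

Run it on the server itself, since it writes into the webroot. A name listed in /etc/hosts passes step 1 even without a public DNS record, so confirm the bare domain with an external lookup as well.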

Thanks @schoen and @sahsanu, very silly of me not catching the first problem. For the second problem, I didn’t get the “testing acme-challenge” text, so I guess I’ll start to fix that.

Thank you very much, I’ll let you know how it goes.

1 Like
