Certificate Renewal

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
awspractice.org

I ran this command:
sudo certbot certonly --standalone --preferred-challenges http -d awspractice.org

It produced this output:
Detail: no valid A records found for awspractice.org; no valid AAAA records found for awspractice.org

My web server is (include version):
httpd

The operating system my web server runs on is (include version):
Amazon Linux

My hosting provider, if applicable, is:
NA

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 2.6.0

Four things spring to mind:

  • The error message is pretty self-explanatory: there is no A or AAAA RR present for awspractice.org in the DNS zone, which is required for the http-01 challenge;
  • Is there a specific reason you're using the standalone authenticator plugin? You mention there's a webserver running (and with "httpd" you probably mean Apache httpd, right?), any reason you're not using the apache or webroot authenticator?
  • If you specify a specific authenticator which can only do a single challenge, it's superfluous to also specify --preferred-challenges;
  • You say "renewal", but you're not using certbot renew. Any specific reason for that?
3 Likes
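
A pre-flight check for the failure discussed above, as an added example that is not part of the original thread: it looks up A and AAAA records for a name and reports whether any address is publicly routable before an http-01 request is attempted. The function names and result labels are hypothetical, and it assumes the local system resolver, whose answers can differ from what the CA sees in public DNS.

```python
import ipaddress
import socket
import sys


def resolve(host, family):
    """Addresses the system resolver returns for host in one address family."""
    try:
        infos = socket.getaddrinfo(host, 80, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()  # NXDOMAIN, no records of this type, or resolver failure
    return {info[4][0] for info in infos}


def http01_preflight(host, resolver=resolve):
    """Return (status, addresses) for a name about to be validated over http-01.

    status is one of (labels are hypothetical, chosen for this example):
      "no-address-records"  no A and no AAAA record, the error in this thread
      "non-public-only"     records exist but none is globally routable
      "ok"                  at least one globally routable address
    """
    found = resolver(host, socket.AF_INET) | resolver(host, socket.AF_INET6)
    # Drop any IPv6 zone id ("fe80::1%eth0") before parsing the address.
    addrs = sorted({a.split("%")[0] for a in found})
    if not addrs:
        return "no-address-records", []
    public = [a for a in addrs if ipaddress.ip_address(a).is_global]
    if not public:
        return "non-public-only", addrs
    return "ok", public


if __name__ == "__main__":
    # Usage: python preflight.py <domain>   (performs live DNS lookups)
    status, addrs = http01_preflight(sys.argv[1])
    print(status, ", ".join(addrs))
    sys.exit(0 if status == "ok" else 1)
```
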

Just to add to what @Osiris has already mentioned, you can't just make up a domain name and use it - you have to register them with a domain registrar, and the registrar then points them at DNS nameservers (theirs or the ones you tell it to use).

From DNS, your domain will typically point to the IP address of a web server and that's what gives you a domain that resolves to a website.

Let's Encrypt will only issue certs for real, validated domains.

5 Likes

I wondered that too. Was it short for "AWS Practice"?

That said, there is a registered domain for awspractice.org at Squarespace so someone owns it.

5 Likes
