Certificate request fails, DNS issue?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: treens.nl

I ran this command: certbot --apache

It produced this output:

  • The following errors were reported by the server:

    Domain: treens.nl
    Type: dns
    Detail: No valid IP addresses found for treens.nl

  • The following errors were reported by the server:

    Domain: www.treens.nl
    Type: unauthorized
    Detail: During secondary validation: Invalid response from
    http://www.treens.nl/.well-known/acme-challenge/Im5pEJx2ScGXL8hGqx_sjdB7yrEUL_skpf55yYPdoL8
    [37.48.84.247]: "\n\n300 Multiple
    Choices\n\n

    Multiple C"

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

My web server is (include version):
Apache/2.4.41 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 20.04.3 LTS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
0.40.0

It seems you've managed to get a certificate for treens.nl, so any DNS issue that was present for that hostname, is gone now. (I don't see a DNS issue either.)

However, your certificate is only valid for treens.nl and not for www.treens.nl.

I see Let's Encrypt tried to connect to the IP address 37.48.84.247 and that gave an unusual response "HTTP 300 Multiple Choices" which is not commonly used. However, I see that now you've fixed your DNS the IP address is changed to 83.149.110.90.

So my recommendation would be to try to get a new certificate covering both hostnames. Unless you're absolultely sure you and your users are not going to use the www subdomain. (Although I would still recommend it.)

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.