Challenge Faild for domain

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.lightmedia.club lightmedia.club

I ran this command: sudo certbot --nginx

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx

Which names would you like to activate HTTPS for?

1: lightmedia.club
2: ask.lightmedia.club
3: www.ask.lightmedia.club
4: deluge.lightmedia.club
5: www.deluge.lightmedia.club
6: vm.lightmedia.club
7: www.lightmedia.club

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel):
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for deluge.lightmedia.club
http-01 challenge for lightmedia.club
http-01 challenge for www.ask.lightmedia.club
http-01 challenge for www.deluge.lightmedia.club
http-01 challenge for www.lightmedia.club
Waiting for verification…
Challenge failed for domain lightmedia.club
Challenge failed for domain www.lightmedia.club
http-01 challenge for lightmedia.club
http-01 challenge for www.lightmedia.club
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

My web server is (include version):
nginx version: nginx/1.16.1 (Ubuntu)
built with OpenSSL 1.1.1c 28 May 2019
TLS SNI support enabled

The operating system my web server runs on is (include version):
NAME=“Ubuntu”
VERSION=“19.10 (Eoan Ermine)”

My hosting provider, if applicable, is:
Domain is held by Ionos otherwise self hosted

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.36.0

I was able to get self signed cert on the site. I am really not sure what is causing my challenge fail since the rest of my sub-domains are working. i was able to get them to pass the challenge by redirecting the cname of each one to my duckdns. Ionos will not allow cname on top level domain so i have resorted to Redirect (Frame) http://xzzy.duckdns.org.

2

Hi @killerherts

there is a check of your domain, ~~one hour old - https://check-your-website.server-daten.de/?q=lightmedia.club

You have ipv4 and ipv6:

Host T IP-Address is auth. ∑ Queries ∑ Timeout
lightmedia.club A 74.208.236.4 Kansas City/Missouri/United States (US) - 1&1 Internet SE Hostname: 74-208-236-4.elastic-ssl.ui-r.com yes 1 0
AAAA 2607:f1c0:100f:f000::2ab Kansas City/Missouri/United States (US) - 1&1 Internet SE yes
www.lightmedia.club A 74.208.236.4 Kansas City/Missouri/United States (US) - 1&1 Internet SE Hostname: 74-208-236-4.elastic-ssl.ui-r.com yes 1 0
AAAA 2607:f1c0:100f:f000::2ab Kansas City/Missouri/United States (US) - 1&1 Internet SE yes

Both send the answer http status 204 - No Content.

You can't create a Letsencrypt certificate

with such a frame redirect.

So if Ionos doesn't allow a CNAME, you can't create a certificate if you have a dynamic ip address.

You may create a CNAME with the www subdomain, then use only the www version.

3

Ok that makes sense, if I adjust the name servers to be xzzy.duckdns.org and kjhh.duckdns.org it should then point to the correct spot for the top level domain and then nginx will handle the request according to the conf

1 Like
4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.