I ran this command: sudo certbot
It produced this output:
```
Performing the following challenges:
http-01 challenge for greendept.com
http-01 challenge for testify4love.com
http-01 challenge for testify4love.org
http-01 challenge for www.greendept.com
http-01 challenge for www.testify4love.com
http-01 challenge for www.testify4love.org
Waiting for verification...
Challenge failed for domain testify4love.com
Challenge failed for domain www.testify4love.com
http-01 challenge for testify4love.com
http-01 challenge for www.testify4love.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: testify4love.com
   Type: unauthorized
   Detail: Invalid response from
   https://testify4love.com/.well-known/acme-challenge/8W5lCczmyaR5ZLVfQ1Am_48QhMt9y1EXZNxmjQ9y0aY
   [2600:9000:20e9:6600:14:9b04:8440:93a1]: "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\">\n<HTML><HEAD><META HTTP-EQ"

   Domain: www.testify4love.com
   Type: unauthorized
   Detail: Invalid response from
   https://www.testify4love.com/.well-known/acme-challenge/OnWRlKfCFqWDAEtf-N1j00wqZwLtT3rPDBrcWapwVdQ
   [2600:9000:20e9:6600:14:9b04:8440:93a1]: "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\">\n<HTML><HEAD><META HTTP-EQ"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
```
My web server is (include version): Apache/2.4.39
The operating system my web server runs on is (include version): Amazon Linux 2 AMI (running on an EC2 instance)
My hosting provider, if applicable, is: Amazon Web Services
I can log in to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Amazon console
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
The error message is telling me to make sure that the DNS A/AAAA records for the domain that failed (testify4love.com) contain the right IP address.
But in Route 53 these A and AAAA records are aliased to CloudFront, so they don’t have any IP address. Should I temporarily change Route 53 A/AAAA records for testify4love.com to the EC2 IP address, create the certificates, and then change the A and AAAA records back to CloudFront? Or how should I proceed?
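Added example, not part of the original post: a small Python triage of certbot's http-01 failure notes that reports, per domain, which address answered the validation request and whether the body could be an ACME key authorization (`<token>.<thumbprint>`). The sample output, the `triage` helper name and all addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
import re

# One "Domain / Type / Detail" entry from certbot's IMPORTANT NOTES section.
ENTRY = re.compile(
    r"Domain:\s*(?P<domain>\S+)\s+Type:\s*(?P<type>\S+)\s+"
    r"Detail:\s*Invalid response from\s+(?P<url>\S+)\s+"
    r"\[(?P<ip>[0-9A-Fa-f:.]+)\]:\s*\"(?P<body>.*?)(?=\s+Domain:|\s+To fix|\Z)",
    re.S,
)

def triage(output, own_addresses):
    """Return one finding per failed domain.

    own_addresses: the public IPs of the host running certbot (assumed
    to be known by the operator; constructed values in the sample below).
    """
    own = {ipaddress.ip_address(a) for a in own_addresses}
    findings = []
    for m in ENTRY.finditer(output):
        # The last path segment of the challenge URL is the http-01 token.
        token = m["url"].rstrip("/").rsplit("/", 1)[-1]
        responder = ipaddress.ip_address(m["ip"])
        findings.append({
            "domain": m["domain"],
            "token": token,
            "responder": str(responder),
            # False: DNS sent the validator to some other endpoint.
            "answered_by_this_host": responder in own,
            # A valid http-01 body starts with "<token>.".
            "body_is_key_authorization": m["body"].startswith(token + "."),
        })
    return findings

# Constructed sample in the shape of certbot's error notes.
SAMPLE = (
    'Domain: example.com Type: unauthorized Detail: Invalid response from '
    'https://example.com/.well-known/acme-challenge/TOKEN_A '
    '[2001:db8::93a1]: "<!DOCTYPE HTML PUBLIC \\"-//W3C//DTD HTML 4.01" '
    'Domain: www.example.com Type: unauthorized Detail: Invalid response from '
    'http://www.example.com/.well-known/acme-challenge/TOKEN_B '
    '[203.0.113.10]: "<html><head><title>404 Not Found" '
    'To fix these errors, please make sure that your domain name was entered correctly'
)

if __name__ == "__main__":
    for finding in triage(SAMPLE, ["203.0.113.10"]):
        print(finding)
```

A finding with `answered_by_this_host` false means the challenge request never reached the machine certbot ran on; one with it true but no key authorization points at the web server configuration instead.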