Challenge failed for domain http-01

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: ujalasinghfirstapp.com

I ran this command: sudo certbot certonly --webroot -w /var/www/html/ -d ujalasinghfirstapp.com -d www.ujalasinghfirstapp.com

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ujalasinghfirstapp.com
http-01 challenge for www.ujalasinghfirstapp.com
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification…
Challenge failed for domain ujalasinghfirstapp.com
Challenge failed for domain www.ujalasinghfirstapp.com
http-01 challenge for ujalasinghfirstapp.com
http-01 challenge for www.ujalasinghfirstapp.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

No records exist for that domain. You’ll need to make an A record and expose at least port 80 (port 443 as well if you want to publicly serve this site) to the internet for Let’s Encrypt to process the challenge and issue a certificate.

1 Like

I ran this command: netstat -ntlup | grep LISTEN

It gives me this output:
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2702/rpcbind
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3405/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 3186/master
tcp6 0 0 :::111 :::* LISTEN 2702/rpcbind
tcp6 0 0 :::80 :::* LISTEN 21716/httpd
tcp6 0 0 :::22 :::* LISTEN 3405/sshd
tcp6 0 0 :::443 :::* LISTEN 21716/httpd

That means that I have already exposed port 80, right?
If you want to open it, go and type this IP in your browser: 13.235.246.249.
And how can I make an A record for the same domain?

It appears you don’t actually own that domain. Let’s Encrypt is only able to issue certificates for valid registered domains, so you’ll have to purchase it at a registrar. I use Namecheap for some of mine, but there are quite a few out there. The average price for a .com is around $8 - $11 a year. Then you configure an A and/or AAAA record in the control panel.

2 Likes
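A pre-flight check for the failure in this thread, added here as an example and not part of the original posts: a listening port 80 says nothing about whether the names resolve, so this classifies each name by its A/AAAA records before certbot is run. The host names, addresses and `fake_resolver` are constructed for illustration; against real DNS, call `preflight` with the default resolver.

```python
import socket

def resolve_addresses(name, resolver=socket.getaddrinfo):
    """Return the set of A/AAAA addresses for name (empty if the name has none).

    Note: this asks the local resolver, so /etc/hosts entries can mask a
    missing public record; the CA only sees public DNS.
    """
    try:
        infos = resolver(name, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()  # NXDOMAIN, or the name exists but has no A/AAAA record
    return {info[4][0] for info in infos}

def preflight(names, server_ips, resolver=socket.getaddrinfo):
    """Classify each name before requesting http-01 validation for it."""
    mine = set(server_ips)
    report = {}
    for name in names:
        found = resolve_addresses(name, resolver)
        if not found:
            report[name] = "no-records"        # the case in this thread
        elif not found & mine:
            report[name] = "points-elsewhere"  # records exist, wrong host
        elif found - mine:
            report[name] = "mixed"             # e.g. a stale AAAA record
        else:
            report[name] = "ok"
    return report

# Constructed zone data standing in for public DNS (documentation ranges only).
ZONE = {
    "app.example.test": ["203.0.113.10"],
    "old.example.test": ["198.51.100.7"],
    "dual.example.test": ["203.0.113.10", "2001:db8::1"],
}

def fake_resolver(name, port, proto=0):
    """Offline stand-in with the same call shape as socket.getaddrinfo."""
    if name not in ZONE:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return [(socket.AF_INET, socket.SOCK_STREAM, proto, "", (ip, port))
            for ip in ZONE[name]]

if __name__ == "__main__":
    names = list(ZONE) + ["missing.example.test"]
    for name, status in preflight(names, ["203.0.113.10"], fake_resolver).items():
        print(f"{name}: {status}")
```

Only names reported as `ok` are worth passing to certbot with `-d`; the others will fail the challenge regardless of what the web server is doing.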

I have created a domain name on https://www.cloudns.net/: myapp.ujala-app.dnsabr.com. After that I ran the previous command and got this output, and it worked.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/myapp.ujala-app.dnsabr.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/myapp.ujala-app.dnsabr.com/privkey.pem
    Your cert will expire on 2020-05-22. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    “certbot renew”

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

By the way, thanks @ski192man.
