Challenge Failed

I'm kinda new to this subject, I'm trying to generate the certificate for my domain, but it's returning an error "To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address"
Already checking port 80 is open on my domain, I've tried several ways, with firewall disabled / enabled.

My domain is:

I ran this command: sudo certbot certonly --standalone -d

Produced this output:Challenge failed for domain

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):


Hi @hiro0A,

The command you used, with --standalone, is meant to be run

  • on a server that you control,
  • that the DNS A (and, if applicable, AAAA) record for your domain name is already pointed to,
  • that is not running a web server application on port 80 and is not going to be running one in the future.

It looks like at least the third condition doesn't currently apply here, and maybe the second one doesn't apply either?

What is the server that you're trying to run this command on, how did you choose to use --standalone with Certbot, and where is your DNS record for your domain currently pointed?

Edit: I think the second condition doesn't apply right now (your domain name is pointed to a domain parking service rather than to your own server, so you need to update your DNS records to point to your server before requesting the certificate). After that, if you are running nginx on your server, I suggest trying again with --nginx instead of --standalone, and without including certonly. Something like

sudo certbot --nginx -d -d

Note that this won't work until your DNS records are pointed directly at your server, and also until you have a server block in your nginx configuration that's configured to listen on port 80 for your specific domain name (including the www subdomain).


thank you, it worked


Great, I'm glad to hear it!


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.