Challenges fail due to not finding DNS records

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: intraharmonie.hmtest.fr

I ran this command:
1st attempt:

sudo certbot certonly -d intraharmonie.hmtest.fr --manual --preferred-challenges dns --server https://acme-staging-v02.api.letsencrypt.org/directory

2nd attempt:

sudo certbot certonly -d intraharmonie.hmtest.fr --standalone --preferred-challenges http --server https://acme-staging-v02.api.letsencrypt.org/directory

3rd attempt:

sudo certbot certonly -d intraharmonie.hmtest.fr --preferred-challenges dns --authenticator certbot-dns-standalone:dns-standalone --certbot-dns-standalone:dns-standalone-propagation-seconds 10 --server https://acme-staging-v02.api.letsencrypt.org/directory

It produced this output:
1st attempt:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for intraharmonie.hmtest.fr


Please deploy a DNS TXT record under the name:

_acme-challenge.intraharmonie.hmtest.fr.

with the following value:

i6ryERDUVFp9Fb9Mo6_Wc7NFxz-MtVCuwhS1wbrlOPM

Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: Dig (DNS lookup).
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.


Press Enter to Continue

Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
Domain: intraharmonie.hmtest.fr
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.intraharmonie.hmtest.fr - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to verify the manually created DNS TXT records. Ensure that you created these in the correct location, or try waiting longer for DNS propagation on the next attempt.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

2nd attempt:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for intraharmonie.hmtest.fr


Could not bind TCP port 80 because it is already in use by another process on
this system (such as a web server). Please stop the program in question and then
try again.


(R)etry/(C)ancel: c
Could not bind TCP port 80 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

3rd attempt:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugin legacy name certbot-dns-standalone:dns-standalone may be removed in a future version. Please use dns-standalone instead.
Requesting a certificate for intraharmonie.hmtest.fr
Waiting 10 seconds for DNS changes to propagate

Certbot failed to authenticate some domains (authenticator: certbot-dns-standalone:dns-standalone). The Certificate Authority reported these problems:
Domain: intraharmonie.hmtest.fr
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.intraharmonie.hmtest.fr - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to verify the DNS TXT records created by --certbot-dns-standalone:dns-standalone. Ensure the above domains are hosted by this DNS provider, or try increasing --certbot-dns-standalone:dns-standalone-propagation-seconds (currently 10 seconds).

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): Server version: Apache/2.4.52 (Debian)
Server built: 2022-01-03T21:27:14

The operating system my web server runs on is (include version): Debian 11

My hosting provider, if applicable, is: self-hosted in a VirtualBox machine

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.23.0

Hello,
For testing purposes, I have setup a small network in VirtualBox with a Windows Server 2019 domain controller (with a domain named "hmtest.fr") and a Debian 11 web server which hosts an internal test website (named "intraharmonie.hmtest.fr").
Their respective IP addresses are 10.0.2.8/24 and 10.0.2.13/24, both use the gateway 10.0.2.1, and their primary DNS server is the domain controller.
Both VMs are using a NAT network for internet connection (with the following CIDR: 10.0.2.0/24).
They can each access external websites in Firefox.
The machines can ping each other, but the tracert/traceroute command from one to the other is only successful on the domain controller, not on the web server.

Trying to obtain a certificate for intraharmonie.hmtest.fr by using the http-01 challenge has failed so far (checking letsdebug.net from within the domain controller shows no issue with dns-01, but returns a NoRecords error with http-01); that said, the dns-01 challenge is the one I'm interested in for my purposes here.

When testing a manual generation of a certificate, I can successfully create the TXT record via the DNS management console in the domain controller, however, said record doesn't seem to be detectable from the webserver, from the domain controller itself via nslookup, nor from online tools.
This results in the error given at the top.

Trying standalone mode doesn't seem to help.

I have attempted to generate a certificate using the 3rd-party plugin certbot-dns-standalone as an authenticator, without success.

I suspect the problem may come from either an error in my DNS setup on one machine or the other, something to do with VirtualBox, or an issue with ports.

Thanks in advance.

You have to actually register a domain for Let's Encrypt to validate your request and issue a certificate

$ whois hmtest.fr
%%
%% This is the AFNIC Whois server.
%%
%% complete date format : YYYY-MM-DDThh:mm:ssZ
%% short date format    : DD/MM
%% version              : FRNIC-2.5
%%
%% Rights restricted by copyright.
%% See https://www.afnic.fr/en/products-and-services/services/whois/whois-special-notice/
%%
%% Use '-h' option to obtain more information about this service.
%%
%% [2.47.89.99 REQUEST] >> -V Md5.5.11 hmtest.fr
%%
%% RL Net [##########] - RL IP [#########.]
%%

%% No entries found in the AFNIC Database.

Will it be necessary even when the domain is only supposed to exist inside the virtual network?

If you want a publicly trusted certificate, yes.

If you are only using it internally, you have the alternative of using a private CA that you create and control, but you have to add its root certificate to your clients. Look for picoca and minica.

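The private-CA route this reply points at, as an added Go example written for this thread (it is not code from minica, picoca or the poster): using only the standard library it creates a root that may sign certificates and nothing else, issues a 90-day server certificate for intraharmonie.hmtest.fr with the hostname in the SAN, and then verifies it the way a client with that root installed would. The root's CommonName is an assumed placeholder.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// signCert makes a fresh P-256 key and signs tmpl with parentKey; a nil parent means self-signed.
func signCert(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (cert *x509.Certificate, key *ecdsa.PrivateKey, err error) {
	if key, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader); err != nil {
		return
	}
	if parent == nil { // root case: the certificate signs itself
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err == nil {
		cert, err = x509.ParseCertificate(der)
	}
	return
}

// BuildChain creates a private root (CA key usage only) and a server leaf whose hostname sits in the SAN, which is what clients check.
func BuildChain(host string) (root, leaf *x509.Certificate, err error) {
	now := time.Now().Add(-time.Hour) // small backdate tolerates clock skew between the VMs
	root, rootKey, err := signCert(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "hmtest.fr internal root (placeholder)"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign, NotBefore: now, NotAfter: now.AddDate(10, 0, 0),
	}, nil, nil)
	if err == nil {
		leaf, _, err = signCert(&x509.Certificate{
			SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
			NotBefore: now, NotAfter: now.AddDate(0, 0, 90), ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		}, root, rootKey)
	}
	return
}

// VerifyFor does what a client with the private root installed does: the chain must end at that root and the SAN must cover host.
func VerifyFor(leaf, root *x509.Certificate, host string) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: pool})
	return err
}
```

Firefox keeps its own trust store separate from the operating system's, so the root has to be imported there as well (or pushed by enterprise policy) before the test site shows as trusted.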

I see.

I'll check if a private CA could be used as a replacement for what I'm testing; I'll confirm if everything is ok then.

Thanks again.

