Create new certificate Failure


My domain is:

I ran this command: sudo certbot certonly -a webroot --webroot-path=/var/www/html/jira -d -d

It produced this output:

My web server is (include version): Apache 2.4.6

The operating system my web server runs on is (include version): RHEL 7.5

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The web server resides in our DMZ. Domain has a dmz IP address of which was verified by running dig A command.
Externally, DNS is External traffic for is NAT’d to the DMZ address

When I run the certbot certonly command, I assume that certbot fails because (internally) A record points to the private IP address.

I assume this is a common configuration for web servers. How do I work around this configuration to generate a certificate?
Thank you very much for any help you can provide.


Hi @david.livelsberger

Normally, such a configuration should work.

works. Can you create a file test

so that we can test it? - there is no A- and no AAAA-record. So http-01 - challenge can’t work.

Perhaps (first step): Use the test / stage system and create a certificate with as name (only one name).


Thank you for your help.
I will only create a certificate for
When I went to document root, I noticed that Certbot didn’t create the .well-known file. For testing purposes, should I create it? Are there instructions somewhere for creating this test file?


When Certbot runs, it creates the .well-known directory if necessary. If it doesn’t exist, it sounds like Certbot hasn’t been run with that web root.

Certbot automatically creates and deletes the acme-challenge directory, so it’s normal for that not to exist.


Thank you. How do I configure this so that I can test at


That was meant to be @JuergenAuer’s question to you—can you create this file yourself without using Certbot?


nslookup results.txt (443 Bytes)
letsencrypt.log.txt (16.8 KB)

I have created the directory for the test and I get 404 error.
I ran the certbot command with verbose and dry-run arguments. The results are attached. I also ran nslookup from the server. Note the difference between our “internal” DNS and public DNS.


Did you create a test.txt file yourself? That’s what @JuergenAuer was asking for. It’s not something that Certbot would do, but a task for you to make sure that your configuration currently works the way that you expect and the way that Certbot will expect.


Your internal IP-addresses are irrelevant. From outside, I can load your website, so the Letsencrypt-Check also has access to /.well-known/acme-challenge/file-with-a-very-long-token-as-filename

But it’s important to know if there is no file-restriction or other problems (suboptimal redirects). So it’s helpful if you manually create a file, post the name and we can check this.


Yes, I did create test.txt. I am including below the file structure.

[name@detcewawp01 acme-challenge]# pwd
[root@detcewawp01 acme-challenge]# ls -alt
total 0
-rw-r--r-- 1 apache apache 0 Jun 26 12:42 test.txt

#11 returns an “Oops, you’ve found a dead link. - JIRA” 404 Not Found page.

Are you sure that that’s the right directory, and files in that directory get served directly, instead of handled by JIRA’s backend?
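
The manual test discussed in this thread (put a file under .well-known/acme-challenge in the webroot and fetch it over HTTP), automated as an added example; it is not code from any poster or from Certbot, and the `check_webroot` function and the probe file naming are hypothetical. It assumes the base URL you pass reaches the same server that the public hostname resolves to from outside.

```python
"""Preflight for Certbot's webroot plugin: is a file under the webroot served as-is?"""
import os
import secrets
import sys
import urllib.error
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"


def check_webroot(webroot, base_url, timeout=10):
    """Write a random probe file under webroot, fetch it over HTTP, clean up.

    Returns (ok, detail); ok is True only if the server returned the exact
    bytes written, meaning the path is served from this directory on disk.
    """
    directory = os.path.join(webroot, *CHALLENGE_DIR.split("/"))
    os.makedirs(directory, exist_ok=True)
    name = "probe-" + secrets.token_urlsafe(16)
    body = secrets.token_urlsafe(32).encode()
    path = os.path.join(directory, name)
    with open(path, "wb") as fh:
        fh.write(body)
    os.chmod(path, 0o644)  # readable by the web server user
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{name}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            served, final_url = resp.read(), resp.geturl()
        if served.strip() != body:
            return False, f"{final_url} answered, but not with the file's content"
        return True, f"file served from disk at {final_url}"
    except urllib.error.HTTPError as exc:
        # e.g. a 404 page generated by an application behind the web server
        return False, f"HTTP {exc.code} for {url}: wrong webroot, or another handler owns this path"
    except OSError as exc:  # DNS failure, refused connection, timeout
        return False, f"could not connect to {url}: {exc}"
    finally:
        os.remove(path)


if __name__ == "__main__":
    # usage: python3 check_webroot.py /var/www/html/jira http://your.domain.example
    ok, detail = check_webroot(sys.argv[1], sys.argv[2])
    print(("OK: " if ok else "FAIL: ") + detail)
    sys.exit(0 if ok else 1)
```

A FAIL with an HTTP status code is the situation in the last posts: the file exists on disk, but something other than the static file handler answers for that path.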

