Creating only subdomain cert with certbot

Hello,
I'm trying to get a cert for my subdomain. I can create the file with the data listed above and wget or curl it.
But certbot is trying to check the main domain, where I don't have access to the DNS zone or an FTP account.
Is that a bug or proper action?

My domain is: bip.gminawarta.pl

I ran this command: certbot certonly --manual -d bip.gminawarta.pl

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Requesting a certificate for bip.gminawarta.pl
Performing the following challenges:
http-01 challenge for bip.gminawarta.pl


Create a file containing just this data:

PszvxKT7STuqDPRxan_mOw3ereGNdTTlm2sDyn9jzw8.a_ApuyETPuMBtZ2ZGAS-_3jfYu_mzFgQ4L6dvCK90aE

And make it available on your web server at this URL:

http://bip.gminawarta.pl/.well-known/acme-challenge/PszvxKT7STuqDPRxan_mOw3ereGNdTTlm2sDyn9jzw8


Press Enter to Continue
Waiting for verification...
Challenge failed for domain bip.gminawarta.pl
http-01 challenge for bip.gminawarta.pl
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: bip.gminawarta.pl
    Type: unauthorized
    Detail: Invalid response from
    https://gminawarta.pl/.well-known/acme-challenge/PszvxKT7STuqDPRxan_mOw3ereGNdTTlm2sDyn9jzw8
    [89.161.193.129]: "<html lang="en"><meta
    charset="utf-8"><meta http-equiv="X-UA-Compatible"
    content="IE=edge"><meta name="view"

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

My web server is (include version):
Server version: Apache/2.4.6 (CentOS)
Server built: Oct 19 2017 20:39:16

The operating system my web server runs on is (include version): CentOS 7

I can login to a root shell on my machine (yes or no, or I don't know): YES

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.11.0

This looks to me like an IPv6 issue. Your domain's IPv4 address responds with the Apache server, but its IPv6 address responds with a server running IdeaWebServer.

You'll want to make sure that both your IPv4 and IPv6 addresses point to your Apache server. If your Apache server doesn't have an IPv6 address, you'll want to remove the domain's AAAA DNS record.


Now only the IPv4 address is returned by DNS, and the IPv4 service shows:
Server: IdeaWebServer/2.0.5

Is this the correct IP for your system?:

Name:    gminawarta.pl
Address:  89.161.193.129
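The mismatch discussed in the replies above can be checked by fetching the challenge URL once per resolved address and comparing the answers. This is an added example, not part of the original thread or of certbot; `Probe`, `diagnose` and all sample values are hypothetical, with the responses constructed to mirror the Apache / IdeaWebServer split and the redirect to the parent domain seen in the error.

```python
from typing import NamedTuple
from urllib.parse import urlsplit

class Probe(NamedTuple):
    """One HTTP fetch of the challenge URL, pinned to a single resolved address."""
    family: str    # DNS record type the address came from: "A" or "AAAA"
    address: str
    status: int
    server: str    # value of the Server response header
    location: str  # Location header if the response is a redirect, else ""
    body: str

def diagnose(host, key_auth, probes):
    """Return findings that explain why an http-01 check for `host` can fail."""
    findings = []
    servers = sorted({p.server for p in probes})
    if len(servers) > 1:
        findings.append("different servers answer for this name: " + ", ".join(servers))
    for p in probes:
        where = f"{p.family} {p.address}"
        if 300 <= p.status < 400:
            # A redirect is followed, so the target host has to serve the file.
            target = urlsplit(p.location).hostname
            if target != host:
                findings.append(f"{where}: redirects to {target}, which must serve the file")
        elif p.status != 200 or p.body.strip() != key_auth:
            findings.append(f"{where}: HTTP {p.status}, body is not the expected data")
    return findings

# Constructed sample data (documentation addresses, placeholder token and names).
HOST = "sub.example.org"
KEY_AUTH = "TOKEN.THUMBPRINT"
URL_PATH = "/.well-known/acme-challenge/TOKEN"
MISMATCHED = [
    Probe("A", "192.0.2.10", 200, "Apache/2.4.6 (CentOS)", "", KEY_AUTH + "\n"),
    Probe("AAAA", "2001:db8::10", 301, "IdeaWebServer/2.0.5",
          "https://example.org" + URL_PATH, ""),
]
CONSISTENT = [
    Probe("A", "192.0.2.10", 200, "Apache/2.4.6 (CentOS)", "", KEY_AUTH + "\n"),
]

if __name__ == "__main__":
    for finding in diagnose(HOST, KEY_AUTH, MISMATCHED):
        print(finding)
```

Real probe values can be gathered with `curl -4 -i` and `curl -6 -i` against the challenge URL.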