DNS error during certbot

My domain is : onlyoffice.lechambon.fr

I ran this command: certbot

It produced this output:

My web server is (include version): nginx 1.18.0-6ubuntu14.3

The operating system my web server runs on is (include version): ubuntu 22.04

My hosting provider, if applicable, is: I'm not, my website will be local

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0

Hello @zertag, welcome to the Let's Encrypt community. :slightly_smiling_face:

Using Let's Debug with HTTP-01 Challenge yields these results https://letsdebug.net/onlyoffice.lechambon.fr/1408786

NoRecords
Fatal
No valid A or AAAA records could be ultimately resolved for onlyoffice.lechambon.fr. This means that Let's Encrypt would not be able to connect to your domain to perform HTTP validation, since it would not know where to connect to.
No A or AAAA records found.

The HTTP-01 Challenge of the Challenge Types - Let's Encrypt requires the Domain Name to map to an IP Address and also requires Port 80 access Best Practice - Keep Port 80 Open.

You do not have a DNS Record that is A or AAAA or CNAME for the Domain Name.
You need to add a DNS Record for the Domain Name with your DNS service provider.

2 Likes

Let's Encrypt is a public Certificate Authority and must validate your host name using the public internet starting with the DNS.

There are ways to get certs for purely local names. Some discussion is at below topic. You will also find others posts here talking about smallstep and other methods. Try searching

One example thread here

5 Likes

If you own the domain "lechambon.fr", you could use DNS-01 authentication to obtain a cert from that domain [regardless of global DNS resolution].

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.