Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: mail.izbadeluxe.ru

I ran this command: ./letsencrypt-auto certonly --standalone -d mail.izbadeluxe.ru

It produced this output:
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mail.izbadeluxe.ru
Waiting for verification...
Challenge failed for domain mail.izbadeluxe.ru
http-01 challenge for mail.izbadeluxe.ru
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

• The following errors were reported by the server:

  Domain: mail.izbadeluxe.ru
  Type: unauthorized
  Detail: Invalid response from
  http://mail.izbadeluxe.ru/.well-known/acme-challenge/NIcad5BEuCZkZeWAf54kkFhO46XNTy0I_Pc4Ns6fw7Y
  [62.173.128.10]: "\r\n401 Authorization
  Required\r\n<body
  bgcolor="white">\r\n

  401 Authorization Required</"

  To fix these errors, please make sure that your domain name was
  entered correctly and the DNS A/AAAA record(s) for that domain
  contain(s) the right IP address.

alex@T480  ~  nslookup mail.izbadeluxe.ru  1 ↵  1069  10:29:15
Server: 127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
Name: mail.izbadeluxe.ru
Address: 62.173.128.10

alex@T480  ~    1070  11:14:21
alex@T480  ~  dig mail.izbadeluxe.ru   1070  11:14:46

; <<>> DiG 9.16.1-Ubuntu <<>> mail.izbadeluxe.ru
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51397
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;mail.izbadeluxe.ru. IN A

;; ANSWER SECTION:
mail.izbadeluxe.ru. 268 IN A 62.173.128.10

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sun Nov 29 11:14:52 MSK 2020
;; MSG SIZE rcvd: 63

My web server is (include version): nginx zimbra

The operating system my web server runs on is (include version): Ubuntu 16.04.3 LTS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.31.0

Please help to understand how i can fix it because DNS working fine but certbot cant update certificate.

When I visit http://mail.izbadeluxe.ru, I get the admin web interface of your modem.

You need to forward port 80 to your Linux server instead, so that port 80 traffic can reach Certbot instead.

You might be able to do this by re-assigning the admin web interface of your modem to another port, and then port-forwarding port 80 afterwards.

az you awesome! Thank you for workaround. I forgot that i block 80 port to zimbra.

Thanks!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.