EC2 apache2 letsencrypt namecheap - certbot not working

Hello,

I tried two things to setup letsencrypt for my website, but it is not working.
I have my domain with namecheap.

I have added the following A records in Advanced DNS:

A Record --- iqnesstech.com --- 3.110.155.46 (Public IP) -- Automatic (TTL)
A Record --- www.iqnesstech.com --- 3.110.155.46 (Public IP) -- Automatic (TTL)

I am running Ubuntu 22.04 EC2 instance with apache2 running.
Following are the 2 commands I tried.

  1. sudo certbot --apache -v
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?


1: iqnesstech.com
2: www.iqnesstech.com


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1,2
Requesting a certificate for iqnesstech.com and www.iqnesstech.com
Performing the following challenges:
http-01 challenge for iqnesstech.com
http-01 challenge for www.iqnesstech.com
Waiting for verification...
Challenge failed for domain iqnesstech.com
Challenge failed for domain www.iqnesstech.com
http-01 challenge for iqnesstech.com
http-01 challenge for www.iqnesstech.com

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: iqnesstech.com
Type: dns
Detail: no valid A records found for iqnesstech.com; no valid AAAA records found for iqnesstech.com

Domain: www.iqnesstech.com
Type: dns
Detail: no valid A records found for www.iqnesstech.com; no valid AAAA records found for www.iqnesstech.com

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

  1. sudo certbot certonly --manual --preferred-challenges dns

Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
Domain: iqnesstech.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.iqnesstech.com - check that a DNS record exists for this domain

Domain: www.iqnesstech.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.www.iqnesstech.com - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to verify the manually created DNS TXT records. Ensure that you created these in the correct location, or try waiting longer for DNS propagation on the next attempt.

Appreciate your help in this regard.

Thanks

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

4 Likes

Please see my comments inline :

The Apache plug-in does an HTTP challenge. It needs an A or AAAA record (or both) for your domain name to identify your IP. The A is for IPv4, AAAA for IPv6.

You need to create the appropriate A and/or AAAA record in your DNS

I see you tried a DNS challenge but try the Apache plug-in first

5 Likes

No one sees them, we see:

Name:    iqnesstech.com.iqnesstech.com
Address: 3.110.155.46

Name:    www.iqnesstech.com.iqnesstech.com
Address: 3.110.155.46
6 Likes

Classic!

6 Likes

Sorry, did not get what you have mentioned. Could you please help understand?

1 Like

nslookup iqnesstech.com returns nothing
nslookup iqnesstech.com.iqnesstech.com returns IP 3.110.155.46

Do you see the difference?

8 Likes

Oh, got it. Could you advise how this could be fixed? Is it an issue with my domain name provider (namecheap)?

It happens in the way you create the record.

If you need "x.y.z" and ...
You add "x.y.z" to zone "y.z" it creates "x.y.z.y.z" [not "x.y.z"].
So...
Don't include the zone in the name being created.
Add "x" to zone "y.x" and it creates "x.y.z".

The potentially confusing entry is the zone itself:
If you need an IP for "y.z"... what entry do you add?
Add an (empty) entry with only the IP and it should make:
y.z = IP entered.

Don't forget to delete the two entries you created earlier.

9 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.