Error: No valid IP addresses found, but URL works in web browser

I've created a new Ubuntu server to host a WordPress site. I can access the site, http://v2.picaluna.com/, via my web browser without issue. However, when running sudo certbot --apache -d v2.picaluna.com I get the following error:

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: v2.picaluna.com
Type: dns
Detail: No valid IP addresses found for v2.picaluna.com

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

I've used certbot a number of times in the past for both Apache2 and NGINX without issue, so I'm a little stumped with this issue. The v2.picaluna.com domain works in the browser, and the following link shows the correct IP address: https://dnschecker.org/all-dns-records-of-domain.php?query=v2.picaluna.com&rtype=ALL&dns=google

With the A record looking as though it's correct, could there be an issue with my user access on the server? Like, could some sort of folder required by certbot not have the correct access? Anything I should hunt down? Any advice provided will be greatly appreciated.

A worthy note on the subject is: The main domain (picaluna.com) is a WIX site hosted on server A. The v2.picaluna.com site is hosted on a different server, server B (Ubuntu AWS EC2 instance). Could this be an issue?

My domain is: v2.picaluna.com

I ran this command: sudo certbot --apache -d v2.picaluna.com

It produced this output:

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: v2.picaluna.com
Type: dns
Detail: No valid IP addresses found for v2.picaluna.com

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

My web server is (include version): Ubuntu 20.04.2 LTS

The operating system my web server runs on is (include version): Ubuntu 20.04.2 LTS

My hosting provider, if applicable, is: Domain is hosted on Digital Pacific; Server is an AWS EC2 instance

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): cPanel: I added the A Record using the Zone Editor.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.18.0

1 Like

Running a check on v2.picaluna.com shows an IP address of 52.63.189.91, which is for the AWS server. Your certbot request is being forwarded to https to your domain by Amazon, so the request fails. Certbot needs to connect via http for the challenge.

Hold on. I'll be back. Phone is ringing.

(For the apex domain an IP address of 23.236.62.147.)

2 Likes

Hmmm, so how would I go about changing the request from https to http? When searching Google to force requests to use http, I get a lot of responses to use UFW, which doesn't seem right. You mentioned it's being forwarded to https by Amazon, which, to me, means UFW is 100% the wrong place to be looking.

Any tips on what I should be searching for to find the solution?

Thanks in advance

1 Like

Unable to find the solution myself, I reached out to someone a lot smarter than me who used --manual --preferred-challenges dns which required me to add a TXT to my domain. After that, I was able to get a certificate.

1 Like
