Failed to validate ownership of domainName

jimmychong · April 13, 2026, 5:07pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: 9595.sureparktech.com

I ran this command: nslookup acme-v02.api.letsencrypt.org

It produced this output:

Server: my.meraki.net
Address: 10.1.225.1

Non-authoritative answer:
Name: ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com
Addresses: 2606:4700:60:0:f53d:5624:85c7:3a2c
172.65.32.248
Aliases: acme-v02.api.letsencrypt.org
prod.api.letsencrypt.org

My web server is (include version): Kestrel

The operating system my web server runs on is (include version): Windows 10 Pro

My hosting provider, if applicable, is: Self Host

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no, we don't have a control panel.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): lettuceencrypt

Osiris · April 13, 2026, 5:10pm

With the questions "I ran this command" and "it produced this output" the idea is that you provide the command (or button you pressed) which should have resulted in you getting a certificate.

The nslookup of the Let's Encrypt ACME endpoint isn't that.

We need to know what you did with the ACME client used (lettuceencrypt apparently) and what exact error it resulted in et cetera.

Bruce5051 · April 13, 2026, 5:15pm

Hello @jimmychong,

From this 1) Permanent link to this check report shows significant GeoBlocking.
And this shows a redirect to HTTPS

$ curl -Ii http://9595.sureparktech.com/
HTTP/1.1 307 Temporary Redirect
Date: Mon, 13 Apr 2026 17:14:07 GMT
Server: Kestrel
Location: https://9595.sureparktech.com/

And this 2) Permanent link to this check report shows essentially all blocking of HTTPS.

Please see Multi-Perspective Validation & Geoblocking FAQ

Edit:
Also the IPv4 Address you shared is part of the IPv4 Private network - Wikipedia

Bruce5051 · April 13, 2026, 5:36pm

Supplemental:
One more observation using ICANN Lookup for the domain name sureparktech.com

Registry Expiration: 2026-04-14 21:59:15 UTC
Registrar Expiration: 2026-04-14 16:59:15 UTC

linkp · April 13, 2026, 7:09pm

That threw me for a second, too, @Bruce5051, then I remembered that Windows tells you the name and IP of the resolver where the nslookup command sent its query, so that RFC 1918 IP is harmless.

jimmychong · April 13, 2026, 9:52pm

Yes, the network vendor added GeoBlocking to the firewall. Once it is removed, it is back to normal. Case solved.

Thank you very much!

Topic		Replies	Views
Authorization for Domain Failure Help	3	677	November 2, 2018
Renew certificate Help	4	589	December 22, 2022
Timeout during connect (likely firewall problem) Help	4	510	October 1, 2022
Request failed : Web-based validation failed : Failed to request certificate : Help	6	1514	August 8, 2022
Cleaning up challenges Some challenges have failed. Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details Help	9	2260	October 21, 2022

Failed to validate ownership of domainName

Please see Multi-Perspective Validation & Geoblocking FAQ

Related topics