Getting an error trying to get the certificate

My domain is:
marketsfire.com

I ran this command:

sudo certbot --apache

It produced this output:

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.marketsfire.com
Waiting for verification...
Challenge failed for domain www.marketsfire.com
http-01 challenge for www.marketsfire.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

My web server is (include version):
Apache/2.4.41

The operating system my web server runs on is (include version):
ubuntu 20.04

Hi @signalsn

your configuration looks completely wrong, see https://check-your-website.server-daten.de/?q=marketsfire.com

Your www version points to

Host Type IP-Address is auth. ∑ Queries ∑ Timeout
marketsfire.com A 109.74.192.101 London/England/United Kingdom (GB) - Linode, LLC Hostname: li139-101.members.linode.com yes 1 0
AAAA yes
www.marketsfire.com Name Error yes 1 0
CNAME zmverify.zoho.com yes 1 0
CNAME mail.zoho.com yes

zoho.com, so you must run your Certbot on a Zoho - server.

I don't think that's possible.

Where do you run your Certbot? On the 109.74.192.101 ip? If yes, use the non-www domain name.

Zoho may have an integrated solution.

But there is a Bad Request 400 - looks like Zoho doesn't want / allow / know your domain.

1 Like

Hi Juergen,

First of all thank you very much for your help, I really appreciate it :slight_smile:
I'm not understanding completely. Zoho is the mail provider, I just have MX records and CNAME records related to it. The A record is pointing to the IP where the webserver is hosted.
Please explain me, why should I run certbot in Zoho is the website is hosted in Linode (109.74.192.101)?

Your marketsfire.com name points to 109.74.192.101
Your www.marketsfire.com name points to mail.zoho.com.

It sounds like you expect both of those names to point to your server that you're running certbot on, but they don't. So when Let's Encrypt is trying to validate that you own www.marketsfire.com it is instead getting some other server that can't fulfill the challenge.

Most people expect that the www. version does the same thing as not including it, but there's nothing in the Internet protocols that requires that to be the case, and in your case they're not. You either don't want to tell certbot to get a certificate for the www. version, or you want to fix your DNS so they both go to the same server.

1 Like

Thank you very much for your help!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.