Home server. Trouble getting LetsEncrypt to work

Hello,
I’m trying to get Let’s Encrypt’s certbot to work on my home web server and I’m running into some problems. I would be thankful for any help. Here is the requested info:

My domain is:
1: halverscience.net <------ preferred
2: www.halverscience.net
3: makotomagic.net <------ preferred
4: www.makotomagic.net
5: halverscience.webredirect.org
6: www.halverscience.webredirect.org
7: makotomagic.webredirect.org
8: www.makotomagic.webredirect.org

I ran this command:
sudo certbot --apache

It produced this output:
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for halverscience.net
http-01 challenge for halverscience.webredirect.org
http-01 challenge for makotomagic.net
http-01 challenge for makotomagic.webredirect.org
http-01 challenge for www.halverscience.net
http-01 challenge for www.halverscience.webredirect.org
http-01 challenge for www.makotomagic.net
http-01 challenge for www.makotomagic.webredirect.org
Enabled Apache rewrite module
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.makotomagic.webredirect.org (http-01): urn:ietf:params:acme:error:dns :: No valid IP addresses found for www.makotomagic.webredirect.org, makotomagic.net (http-01): urn:ietf:params:acme:error:dns :: No valid IP addresses found for makotomagic.net, halverscience.net (http-01): urn:ietf:params:acme:error:dns :: No valid IP addresses found for halverscience.net, www.makotomagic.net (http-01): urn:ietf:params:acme:error:dns :: No valid IP addresses found for www.makotomagic.net, www.halverscience.net (http-01): urn:ietf:params:acme:error:dns :: No valid IP addresses found for www.halverscience.net, makotomagic.webredirect.org (http-01): urn:ietf:params:acme:error:dns :: No valid IP addresses found for makotomagic.webredirect.org, www.halverscience.webredirect.org (http-01): urn:ietf:params:acme:error:dns :: No valid IP addresses found for www.halverscience.webredirect.org, halverscience.webredirect.org (http-01): urn:ietf:params:acme:error:dns :: No valid IP addresses found for halverscience.webredirect.org

IMPORTANT NOTES:

My web server is (include version):
apachectl -v
Server version: Apache/2.4.29 (Ubuntu)
Server built: 2020-03-13T12:26:16

The operating system my web server runs on is (include version):
Distributor ID: Ubuntu
Description: Ubuntu 18.04.4 LTS
Release: 18.04
Codename: bionic

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
yes (I can use sudo)

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot --version
certbot 0.31.0

Further information: I use a Cisco E1200 router. I have port forwarding for ports 80 and 443 to my server machine going.

I am using a dynamic dns service: https://www.dynu.com/en-US/
My server asks dynu for domain name IP updates using
ddclient version 3.8.3

When I try the letsdebug.net service I get this message:

Test result for halverscience.net using http-01
ReservedAddress
Fatal
A private, inaccessible, IANA/IETF-reserved IP address was found for halverscience.net.
Let’s Encrypt will always fail HTTP validation for any domain that is pointing to an
address that is not routable on the internet. You should either remove this address and
replace it with a public one or use the DNS validation method instead.
192.168.1.128

I find it strange that the LetsDebug is getting 192.168.1.128 as my ip address. This is the server’s address on my home network, but I thought this address was not visible outside of my home network. I don’t know how to follow the error message’s advice, to “remove this address and replace it with a public one”. Currently my public address is 47.41.16.111, but that will change every few days.

Thank you!

Peter H.

1 Like

All of your hostnames give back the private IP address. It seems your dynamic DNS software ddclient doesn't update your IP address correctly: looks like it just uses the local address instead of the actual public IP address.

This most likely is a ddclient issue, not something wrong with Let's Encrypt. See for example: ddclient / Wiki / routers

3 Likes
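Added example, not part of any post in this thread: a pre-flight check that flags hostnames whose published addresses Let's Encrypt cannot reach over HTTP-01, which is the condition diagnosed above. The names `classify`, `resolve`, `preflight` and the `.example` hosts are assumptions made for illustration; the two addresses for the poster's setup are the ones quoted in the thread.

```python
import ipaddress
import socket

def classify(addr):
    """Return 'public' if addr is routable on the internet, else the reason it is not."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"
    if not ip.is_global:
        # e.g. 100.64.0.0/10 carrier-grade NAT space, common on home connections
        return "not globally routable"
    return "public"

def resolve(host):
    """Look up A/AAAA records with the system resolver (needs network).
    Caveat: /etc/hosts or a LAN resolver can differ from what the CA sees in public DNS."""
    try:
        infos = socket.getaddrinfo(host, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def preflight(records):
    """records maps hostname -> list of addresses.
    Returns hostname -> list of problems for every name that would fail HTTP-01."""
    failures = {}
    for host, addrs in records.items():
        if not addrs:
            failures[host] = ["no A/AAAA record"]
            continue
        bad = [f"{a} is {classify(a)}" for a in addrs if classify(a) != "public"]
        if bad:
            failures[host] = bad
    return failures

# Constructed sample: the first entry mirrors the letsdebug result in the thread,
# the second uses the public address the poster mentions, the rest are made up.
SAMPLE = {
    "halverscience.net": ["192.168.1.128"],
    "fixed.example": ["47.41.16.111"],
    "cgnat.example": ["100.64.0.10"],
    "missing.example": [],
}

if __name__ == "__main__":
    import sys
    live = {h: resolve(h) for h in sys.argv[1:]} or SAMPLE
    for host, problems in preflight(live).items():
        print(f"{host}: {'; '.join(problems)}")
```

Run it with the hostnames as arguments after every ddclient change and before `sudo certbot --apache`; an empty result means every name resolves only to public addresses.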

Thank you for your tip and yes, ddclient was the problem.

For anyone interested, my mistake was to accept the default auto-configuration when installing ddclient. To get it to work, I carefully edited the /etc/ddclient.conf file. I used the first example in the dynu ddclient web page which is here: https://www.dynu.com/DynamicDNS/IPUpdateClient/DDClient.

Whew! I’m glad my web site is finally working!!!

Peter H.

2 Likes
