Http-01 challenge for domain fails

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Requesting a certificate for
Performing the following challenges:
http-01 challenge for
Waiting for verification...
Challenge failed for domain
http-01 challenge for
Cleaning up challenges
Some challenges have failed.

 - The following errors were reported by the server:

   Type:   dns
   Detail: No valid IP addresses found for

The operating system my web server runs on is (include version): Ubuntu 21.10

My hosting provider, if applicable, is: ptisp

I can login to a root shell on my machine (yes or no, or I don't know): yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.12.0

I'm running Ubuntu in a CT in Proxmox.
I have my subdomain pointing to IP and created an A record in cloudflare pointing to the same IP and that is working.

I use NGINX for other projects and I can generate the certificates.

Hope that someone can help me here :slight_smile:

Best regards,

The IP address of the domain is a private, non-routable address. The HTTP-01 domain verification method requires a public IP address.


That means that I need to use NGINX anyways?
But with NGINX it asks for the port and I don't know which port :weary:

That has nothing to do with what web server you are using. The server with name must be reachable from the Internet for the Let's Encrypt CA to be able to issue a certificate via the HTTP-01 method.


I see. I just don't understand what is the solution!
That subdomain is from my domain and the DNS are pointing to Cloudflare so theoretically it should already be accessible by default! theoretically!

The server must have a public IP address associated. Find its value, and put that one into the DNS.

@AndreScalaPT Your apex domain points to Cloudflare but this subdomain does not. Update its DNS A/AAAA records if/as appropriate.


Address: 2606:4700:3037::ac43:baa7
Address: 2606:4700:3033::6815:442e

IP addresses in the network are NOT routable via the Internet.
For more on that, see: RFC 1918

So, the (first) problem is in DNS:


From any Internet connected computer, try:

They will both fail.


Do I create in cloudflare an A record for
Otherwise the only option I see is using a reverse proxy like NGINX for this :face_with_raised_eyebrow:

My knowledge in this is very limited, sorry :sweat_smile:

That's a CloudFlare CDN IP.
Is your system going to be behind the CloudFlare CDN?
If so, then you might NOT need an LE cert at all.

So how can I access my cloud from outside my network? :sweat_smile:
I see people using Linode but that is not an option for me.

How do you access anything (inside your network) from outside your network?
This is no different.
If you are asking "design" questions, then you have come to the wrong place.
The only added piece is if you intend on "hiding" your site behind CloudFlare CDN.
But even they will need to reach your internal site from their Internet IPs.


Do I point the cloud subdomain to my public IP with an A record?
Not getting yet! :frowning:

ok I'll try with the cloudflare forum, maybe they know how :sweat_smile:

You need to start with a working HTTP(S) site before CloudFlare can "use it".


Ok thanks, I'll try to figure out how I'll do that then :slight_smile:

Where is the website hosted? Also on a host on your own network? Or somewhere else?


Hi @Osiris, it is hosted here
Just the nextcloud is in my Proxmox server.
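
Added example, not part of the thread: a pre-flight check that classifies the A/AAAA values of a name before requesting an HTTP-01 certificate, covering the RFC 1918 case discussed above and generalizing to other non-routable ranges. The sample addresses (other than the Cloudflare AAAA value quoted in the thread) and all function names are constructed for illustration.

```python
import ipaddress
import socket
import sys

# Constructed sample record values. Only the Cloudflare AAAA address appears
# in the thread; the others are made up for illustration.
SAMPLE_RECORDS = ["192.168.1.50", "10.0.0.7", "100.64.3.9",
                  "fd00::10", "2606:4700:3037::ac43:baa7"]

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")   # RFC 6598
ULA = ipaddress.ip_network("fc00::/7")          # RFC 4193

def classify(addr):
    """Return 'public' or the reason the address is not Internet-routable."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if any(ip in net for net in RFC1918):
        return "private (RFC 1918)"
    if ip in CGNAT:
        return "shared address space (RFC 6598)"
    if ip in ULA:
        return "unique local (RFC 4193)"
    if not ip.is_global:
        return "reserved/non-global"
    return "public"

def usable_for_http01(addrs):
    """True if at least one record value is public.
    Assumption: the CA ignores non-public addresses, which matches the
    'No valid IP addresses found' error quoted in the thread."""
    return any(classify(a) == "public" for a in addrs)

def resolve(hostname):
    """Addresses the local resolver returns; public DNS may answer differently."""
    infos = socket.getaddrinfo(hostname, 80, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

if __name__ == "__main__":
    addrs = resolve(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_RECORDS
    for a in addrs:
        print(f"{a:40} {classify(a)}")
    print("HTTP-01 possible:", usable_for_http01(addrs))
```

Run it with a hostname as the only argument to classify what the local resolver returns; a public address here still only helps if port 80 on it is forwarded to the web server.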