Http-01 challenge for domain fails

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: cloud.andrescala.pt

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Requesting a certificate for cloud.andrescala.pt
Performing the following challenges:
http-01 challenge for cloud.andrescala.pt
Waiting for verification...
Challenge failed for domain cloud.andrescala.pt
http-01 challenge for cloud.andrescala.pt
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: cloud.andrescala.pt
   Type:   dns
   Detail: No valid IP addresses found for cloud.andrescala.pt

The operating system my web server runs on is (include version): Ubuntu 21.10

My hosting provider, if applicable, is: ptisp

I can login to a root shell on my machine (yes or no, or I don't know): yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.12.0

I'm running Ubuntu in a CT in Proxmox.
I have my subdomain pointing to IP http://192.168.30.16/ and created an A record in cloudflare pointing to the same IP and that is working.

I use NGINX for other projects and I can generate the certificates.

Hope that someone can help me here :slight_smile:

Best regards,
Scala

The IP address of the domain cloud.andrescala.pt is a private, non-routable address. The HTTP-01 domain verification method requires a public IP address.

2 Likes

That means that I need to use NGINX anyways?
But with NGINX it asks for the port and I don't know which port :weary:

That has nothing to do with what web server you are using. The server with name cloud.andrescala.pt must be reachable from the Internet, for the Let's Encrypt CA to be able to issue a certificate via the HTTP-01 method.

2 Likes

I see. I just don't understand what is the solution!
That subdomain is from my domain and the DNS are pointing to Cloudflare so theoretically it should already be accessible by default! theoretically!

The server must have a public IP address associated. Find its value, and put that one into the DNS.

1 Like

@AndreScalaPT Your apex domain points to Cloudflare but this subdomain does not. Update its DNS A/AAAA records if/as appropriate.

Name:   cloud.andrescala.pt
Address: 192.168.30.16

Name:   andrescala.pt
Address: 172.67.186.167
Name:   andrescala.pt
Address: 104.21.68.46
Name:   andrescala.pt
Address: 2606:4700:3037::ac43:baa7
Name:   andrescala.pt
Address: 2606:4700:3033::6815:442e
3 Likes

IP addresses in the network 192.168.0.0/16 are NOT routable via the Internet.
[192.168.0.0 - 192.168.255.255]
For more on that, see: RFC 1918

So, the (first) problem is in DNS:

Name:    cloud.andrescala.pt
Address: 192.168.30.16

From any Internet connected computer, try:
http://cloud.andrescala.pt/
OR
http://192.168.30.16/

They will both fail.

3 Likes
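A pre-flight check for the failure discussed above, as an added example that is not part of any post in this thread: it classifies a hostname's A/AAAA addresses as public or non-public before a certificate request is attempted. The function names are hypothetical and the sample addresses are the lookup results quoted in the thread.

```python
import ipaddress
import socket


def classify(addresses):
    """Split address strings into (public, non_public) lists."""
    public, non_public = [], []
    for text in addresses:
        ip = ipaddress.ip_address(text)
        # is_global is False for RFC 1918, loopback, link-local, etc.
        (public if ip.is_global else non_public).append(text)
    return public, non_public


def resolve(hostname):
    """Addresses the local resolver returns for hostname.

    Caveat: a split-horizon or internal resolver can answer differently
    from the public DNS that the CA queries.
    """
    infos = socket.getaddrinfo(hostname, 80, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def http01_precheck(hostname, addresses=None):
    """Report whether hostname has any address a public CA could reach."""
    if addresses is None:
        addresses = resolve(hostname)
    public, non_public = classify(addresses)
    return {
        "hostname": hostname,
        "public": public,
        "non_public": non_public,
        "has_public_address": bool(public),
    }


# Constructed sample input: the lookup results quoted in this thread.
SAMPLE = {
    "cloud.andrescala.pt": ["192.168.30.16"],
    "andrescala.pt": ["172.67.186.167", "104.21.68.46",
                      "2606:4700:3037::ac43:baa7"],
}

if __name__ == "__main__":
    for name, addrs in SAMPLE.items():
        print(http01_precheck(name, addrs))
```

A result with `has_public_address` set to `False` corresponds to the "No valid IP addresses found" error in the Certbot output; a `True` result only means the DNS side is plausible, not that port 80 is actually reachable.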

Do I create in cloudflare an A record for 172.67.186.167?
Otherwise the only option I see is using a reverse proxy like NGINX for this :face_with_raised_eyebrow:

My knowledge in this is very limited, sorry :sweat_smile:

That's a CloudFlare CDN IP.
Is your system going to be behind the CloudFlare CDN?
If so, then you might NOT need an LE cert at all.

1 Like

So how can I access my cloud from outside my network? :sweat_smile:
I see people using Linode but that is not an option to me.

How do you access anything (inside your network) from outside your network?
This is no different.
If you are asking "design" questions, then you have come to the wrong place.
The only added piece is if you intend on "hiding" your site behind CloudFlare CDN.
But even they will need to reach your internal site from their Internet IPs.

2 Likes

Do I point the cloud subdomain to my public IP with an A record?
Not getting it yet! :frowning:

ok I'll try with the cloudflare forum, maybe they know how :sweat_smile:

1 Like

You need to start with a working HTTP(S) site before CloudFlare can "use it".

2 Likes

Ok thanks, I'll try to figure out how I'll do that then :slight_smile:

1 Like

Where is the website andrescala.pt hosted? Also on a host on your own network? Or somewhere else?

2 Likes

Hi @Osiris, it is hosted here
Just the nextcloud is in my Proxmox server.
