I ran this command: sudo certbot certonly --standalone
It produced this output:
[sudo] password for dict:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Please enter in your domain name(s) (comma and/or space separated) (Enter ‘c’
to cancel): emeeting.myatbu.com
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for emeeting.myatbu.com
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. emeeting.myatbu.com (http-01): urn:ietf:params:acme:error:dns :: No valid IP addresses found for emeeting.myatbu.com
172.18.40.64
Warning: Private ip address found. No connection possible. There are two types of ip addresses: Worldwide unique, global addresses and private addresses. If you want that other users connect your domain, your domain must have minimal one A- (ipv4) or AAAA- (ipv6) entry with a global ip address. Check Private network - Wikipedia to understand the details: 172.16.0.0 to 172.31.255.255: Class B - 16 private net, every with 65.536 addresses
Thanks for your response. I am working on an intranet server and I am new to using certbot.
What can I do to make it work with the intranet IP? I am trying to set up a chat server with matrix-synapse, which recommends letsencrypt.
Thanks in advance
Pardon me, I still have a question: is there a different command to make Let’s Encrypt check the DNS challenge instead of the HTTP-01 challenge? Thanks in advance
After I created a TXT record I ran the command below
"sudo certbot -d emeeting.myatbu.com --manual --preferred-challenges dns certonly"
I get the output below
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for emeeting.myatbu.com
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you’re running certbot in manual mode on a machine that is not
your server, please ensure you’re okay with that.
Are you OK with your IP being logged?
(Y)es/(N)o: yes
Please deploy a DNS TXT record under the name
_acme-challenge.emeeting.myatbu.com with the following value:
Qia6jxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxfyA
Before continuing, verify the record is deployed.
Press Enter to Continue
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. emeeting.myatbu.com (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.emeeting.myatbu.com
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: emeeting.myatbu.com
Type: None
Detail: DNS problem: NXDOMAIN looking up TXT for
_acme-challenge.emeeting.myatbu.com
I added another TXT record to include _acme-challenge; below is the outcome:
sudo certbot -d emeeting.myatbu.com --manual --preferred-challenges dns certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for emeeting.myatbu.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.
Are you OK with your IP being logged?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: yes
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.emeeting.myatbu.com with the following value:
RfloBvXXXXXXXXXXXXXXXXXGy2s
Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. emeeting.myatbu.com (dns-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect TXT record "v=spf1 ip4:172.18.40.64" found at _acme-challenge.emeeting.myatbu.com
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: emeeting.myatbu.com
Type: unauthorized
Detail: Incorrect TXT record "v=spf1 ip4:XXX.XX.XX.64" found at
_acme-challenge.emeeting.myatbu.com
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
I sincerely don't know what to do next. I will be grateful to understand what certbot requires.
"What certbot requires" is exactly what it told you it requires: a TXT record for _acme-challenge.emeeting.myatbu.com with the contents of RfloBvXXXXXXXXXXXXXXXXXGy2s. Why didn't you do that? Instead, you had a TXT record for the same domain with your SPF record, which is almost certainly incorrect for SPF, and it's most definitely incorrect for Let's Encrypt. You don't need to delete the existing TXT record in order to create the one Let's Encrypt wants (though you should, as it isn't doing anything useful); just create another one with the correct value. Note that "the correct value" will be different the next time you run certbot.
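
The three failures in this thread (private A record, no TXT record, wrong TXT record) can all be caught before pressing Enter in certbot. The following is an added example, not part of the original posts: a small pre-flight check that classifies the pasted output of `dig +short TXT _acme-challenge.<domain>` against the value certbot printed. The function names are hypothetical, and the sample inputs reuse the masked values shown in the thread.

```python
import ipaddress
import shlex


def public_addresses(records):
    """Keep only A/AAAA values a validator on the public internet can reach."""
    return [r for r in records if ipaddress.ip_address(r).is_global]


def parse_dig_txt(output):
    """Turn `dig +short TXT` output into one string per TXT record.

    A record may be printed as several quoted chunks ("abc" "def");
    DNS clients join the chunks without a separator.
    """
    values = []
    for line in output.splitlines():
        line = line.strip()
        if line:
            values.append("".join(shlex.split(line)))
    return values


def check_dns01(dig_output, expected):
    """Classify what is published at _acme-challenge.<domain>."""
    values = parse_dig_txt(dig_output)
    if not values:
        return "missing"        # the NXDOMAIN failure in the thread
    if expected in values:
        return "ok"             # other TXT records beside it do not matter
    return "wrong-value"        # the 'Incorrect TXT record' failure


# Sample inputs built from values quoted in the thread (token is masked there).
EXPECTED = "RfloBvXXXXXXXXXXXXXXXXXGy2s"
SPF_ONLY = '"v=spf1 ip4:172.18.40.64"\n'
BOTH = SPF_ONLY + '"RfloBvXXXXXXXXXXXXXXXXXGy2s"\n'

if __name__ == "__main__":
    print(public_addresses(["172.18.40.64"]))  # http-01 has nothing to connect to
    print(check_dns01("", EXPECTED))
    print(check_dns01(SPF_ONLY, EXPECTED))
    print(check_dns01(BOTH, EXPECTED))
```

Because the expected value changes on every certbot run, the check has to be repeated with the newly printed value each time.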