I've searched the web, read many posts/guides, and tested a ton.. so hoping someone here has a real solution, not a guess... I've read all the guesses I think!
Issue:
Tried renewing the not-yet expired cert. Then deleted that cert and tried creating new -- same problem both ways.
Error:
"Invalid domain. Make sure the domain name can resolve to public IP."
Tested:
Synology 'Web Server' service on and off
my DDNS IP is resolved properly using multiple test sites
I don't think you've provided enough information for anyone to even take a normal guess.
At this point, it would be a wild guess on my part.
If you could please provide more details.
Starting with: Answering the questions that are provided to all "Help" topics.
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
And in addition...
Since you showed the error message "`Invalid domain`", the FQDN shown in that error message.
Since you mentioned "proxy", the proxy settings [as they relate to the FQDN involved].
Since you mentioned ports being forwarded, those firewall NAT settings as well.
Please note the canyouseeme.org.well-known appears to be missing a forward slash.
I believe the redirected URL should look like https://canyouseeme.org/well-known/acme-challenge/sometestfile
```
$ curl -Ii https://canyouseeme.org/well-known/acme-challenge/sometestfile
HTTP/1.1 404 Not Found
Date: Sun, 07 May 2023 18:15:05 GMT
Server: Apache/2.4.7 (Ubuntu)
Content-Type: text/html; charset=iso-8859-1
```
BadRedirect
Error
Sending an ACME HTTP validation request to canyouseeme.org results in an unacceptable redirect. This is most likely a misconfiguration of your web server or your web application.
It appears that a redirect was generated by your web server that is missing a trailing slash after your domain name: https://canyouseeme.org.well-known/acme-challenge/letsdebug-test. Check your web server configuration and .htaccess for Redirect/RedirectMatch/RewriteRule.
Trace:
@0ms: Making a request to http://canyouseeme.org/.well-known/acme-challenge/letsdebug-test (using initial IP 52.202.215.126)
@0ms: Dialing 52.202.215.126
@14ms: Server response: HTTP 302 Found
@14ms: Received redirect to https://canyouseeme.org.well-known/acme-challenge/letsdebug-test
IssueFromLetsEncrypt
Error
A test authorization for canyouseeme.org to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
52.202.215.126: Fetching https://canyouseeme.org.well-known/acme-challenge/OLLFrrd9-QZAq1u2dNwJMGYG6kzwm0LXVX-DnFeqv64: Invalid host in redirect target "canyouseeme.org.well-known". Check webserver config for missing '/' in redirect target.
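The BadRedirect finding in the Let's Debug report above can be reproduced offline from the trace lines alone. The following is an added example, not part of the thread or of Let's Debug; the function names and result labels are hypothetical, and the scheme, port and IP-address checks assume Let's Encrypt's documented limits on HTTP-01 redirects.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Trace lines copied from the Let's Debug report quoted in the thread.
TRACE = """\
@0ms: Making a request to http://canyouseeme.org/.well-known/acme-challenge/letsdebug-test (using initial IP 52.202.215.126)
@0ms: Dialing 52.202.215.126
@14ms: Server response: HTTP 302 Found
@14ms: Received redirect to https://canyouseeme.org.well-known/acme-challenge/letsdebug-test
"""

def check_acme_redirect(request_url, location):
    """Classify the redirect a server returned for an HTTP-01 challenge URL."""
    req, tgt = urlsplit(request_url), urlsplit(location)
    req_host = (req.hostname or "").lower()
    tgt_host = (tgt.hostname or "").lower()
    if tgt.scheme not in ("http", "https"):
        return "bad-scheme"
    try:
        if tgt.port not in (None, 80, 443):
            return "bad-port"
    except ValueError:  # non-numeric or out-of-range port
        return "bad-port"
    try:
        ipaddress.ip_address(tgt_host)
        return "ip-address-host"
    except ValueError:
        pass  # a hostname, which is what we want
    # Missing '/' after the domain: ".well-known" fuses into the hostname,
    # e.g. "canyouseeme.org.well-known" + "/acme-challenge/<token>".
    if tgt_host.startswith(req_host + "."):
        fused = "/." + tgt_host[len(req_host) + 1:] + tgt.path
        if fused == req.path:
            return "missing-slash"
    # Not rejected by the CA, but the token must then be served at the new path.
    if tgt.path != req.path:
        return "path-changed"
    return "ok"

def check_trace(trace):
    """Return (redirect_target, verdict) for every redirect hop in a trace."""
    findings, current = [], None
    for line in trace.splitlines():
        m = re.search(r"(Making a request|Received redirect) to (\S+)", line)
        if not m:
            continue
        if m.group(1) == "Received redirect" and current:
            findings.append((m.group(2), check_acme_redirect(current, m.group(2))))
        current = m.group(2)
    return findings
```

`check_trace(TRACE)` flags the single hop in the report as `missing-slash`; the same function can be fed the `Location` header from a `curl -I` run against your own challenge URL.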
It's working now... on a whim, I removed the "www" from the list provided to 'Subject Alternative Name' and it worked! I assumed I needed the A NAME, but looks like I only needed the CNAMEs?