Invalid IP on cert request

I have used the manual approach on https://gethttpsforfree.com/ before with file challenge but when I tried renewing last week it failed with "Invalid IP" as the reason. I tried installing certbot to get a certificate but no luck.

This has worked for 2 years and now something is wrong and I can't see what that might be.

Thanks in advance.

My domain is: leviathan-borealis.asuscomm.com (DDYN)

I ran this command: sudo certbot certonly --standalone

It produced this output:
Performing the following challenges:
http-01 challenge for leviathan-borealis.asuscomm.com
Waiting for verification...
Challenge failed for domain leviathan-borealis.asuscomm.com
http-01 challenge for leviathan-borealis.asuscomm.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

• The following errors were reported by the server:

  Domain: leviathan-borealis.asuscomm.com
  Type: dns
  Detail: No valid IP addresses found for
  leviathan-borealis.asuscomm.com

My web server is (include version):
Not applicable
The operating system my web server runs on is (include version):
Debian 10
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):certbot 1.13.0

Hi @Nazareth.Borealis

please read your check result, created yesterday - https://check-your-website.server-daten.de/?q=leviathan-borealis.asuscomm.com

Grade Y - "Private IP-Address found".

Warning: Private ip address found. No connection possible. There are two types of ip addresses: Worldwide unique, global addresses and private addresses. If you want that other users connect your domain, your domain must have minimal one A- (ipv4) or AAAA- (ipv6) entry with a global ip address. Check Private network - Wikipedia to understand the details: 100.64.0.0 to 100.127.255.255: Shared address space for communications between a service provider and its subscribers when using a carrier-grade NAT

That's not a public visible ip address. So you can't create a certificate via http validation.

Thanks for answering. So there's basically nothing I can do here? Bc of the ip range my isp is giving me?

Well it proved simpler than expected. I msg my isp and asked for a public ip. Will be getting one in 5 days.

Thanks for guiding me

Yes, that's ISP specific. I have only public visible ip addresses. But I don't have home servers, so I don't need a public ip.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.