Issues when trying to create a certificate on my webserver

Hi everyone,
I am trying to create a webserver, running on Ubuntu 18.04, using nginx+quiche, and it seems that an SSL certificate is needed. The domain that I registered is www.http3testing.duckdns.org, but the IP address is a private one (192.168.2.2), since that is what I'm using in a private network of VMs built with Vagrant.

Running the command on the webserver:
"certbot certonly --standalone --non-interactive --agree-tos -d www.http3testing.duckdns.org -m myemail@example"
it gives me the error:
"no valid A records found for www.http3testing.duckdns.org; no valid AAAA records found for www.http3testing.duckdns.org".

Trying to resolve it, I changed the IP of the domain to the personal IP of my Windows machine, then I installed certbot and ran the same command in the Windows terminal, and this time the error was different:
"Fetching http://www.http3testing.duckdns.org/.well-known/acme-challenge/-TodH6n3DMUMiED9C0J9WMJ6O6Gjh7zY61szYOrv1Os: Timeout during connect (likely firewall problem)"

At this point I disabled the firewall on my system, but the error persisted. I think I am approaching it in the wrong way. I'm relatively new to this and I don't know what to do. My objective is to get 2 files: fullchain.pem and privkey.pem, since those are what I need to put in a specific folder later.

Thanks for your time

1 Like

The server running certbot requires access from the internet on HTTP port 80 in the case of the standalone plugin. This requires an open inbound port 80 in firewalls and/or NAT devices (i.e.: NAT portmaps).

If for some reason it isn't possible to have inbound port 80 access from the internet to the host running the ACME client (in casu Certbot), you could also use the dns-01 challenge, which does not require a TCP connection to the host itself. The dns-01 challenge works using the, well, Domain Name System. In your case your DNS provider is DuckDNS. There exists a third-party DNS authentication plugin for Certbot for DuckDNS, but it may or may not be difficult to install said plugin.

To know that, we'd need to know how you've installed Certbot. However, often having inbound port 80 access is more easily achieved.

3 Likes
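The two errors in the question map onto a simple pre-flight check, shown here as an added example that is not part of the thread and is not Certbot code. It assumes the CA ignores A/AAAA records that are not publicly routable (as the first error message suggests); the function names and the `8.8.8.8` stand-in address are made up for the illustration.

```python
import ipaddress


def classify_records(addresses):
    """Split A/AAAA record values into public ones and non-public ones."""
    public, rejected = [], []
    for raw in addresses:
        ip = ipaddress.ip_address(raw)
        if ip.is_global:
            public.append(raw)
            continue
        # Order matters: loopback and link-local are also "private" in Python.
        if ip.is_loopback:
            reason = "loopback"
        elif ip.is_link_local:
            reason = "link-local"
        elif ip.is_private:
            reason = "private range"
        else:
            reason = "not globally routable"  # e.g. carrier-grade NAT space
        rejected.append((raw, reason))
    return public, rejected


def recommend_challenge(addresses, port80_open_from_internet):
    """Pick the ACME challenge type that can succeed for this host."""
    public, rejected = classify_records(addresses)
    if not public:
        # Matches the "no valid A records found" error from the question.
        return "dns-01", "no public A/AAAA record: %s" % rejected
    if not port80_open_from_internet:
        # Matches the "Timeout during connect" error from the question.
        return "dns-01", "inbound port 80 is not reachable from the internet"
    return "http-01", "public record and inbound port 80 available"


if __name__ == "__main__":
    # First attempt in the question: the record points at the Vagrant VM.
    print(recommend_challenge(["192.168.2.2"], False))
    # Second attempt: a public address (constructed stand-in), port 80 blocked.
    print(recommend_challenge(["8.8.8.8"], False))
```

Whether port 80 is open has to be tested from outside the network; disabling the local firewall does not create the NAT port mapping the answer mentions.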
