Let’s Encrypt Apache failed to install, some challenges have failed

I'm trying to issue a certificate using the command certbot --apache and it gives me this error:

certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?


1: leak.citizensec.kz
2: www.leak.citizensec.kz


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for leak.citizensec.kz

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: leak.citizensec.kz
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for leak.citizensec.kz - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for leak.citizensec.kz - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My IP has been added to this domain in the DNS manager

Hi! It appears your DNS hosting provider is Cloudflare:

$ dig ns citizensec.kz +short
cora.ns.cloudflare.com.
chase.ns.cloudflare.com.

But your screenshot doesn't look like Cloudflare's control panel to me.

4 Likes

Hello, this is ps.kz. This is what happened when I wrote your command:

root@bakery:/var/www/leak.citizensec.kz/server# dig ns citizensec.kz +short
chase.ns.cloudflare.com.
cora.ns.cloudflare.com.
root@bakery:/var/www/leak.citizensec.kz/server#

You need to either go to your domain registrar and change your NS records to those of ps.kz, or go to your Cloudflare control panel and manage your DNS records from there.

2 Likes

What’s the problem, why can’t I issue myself a certificate?

You can't issue certificates because at the moment you can't prove ownership of your domain to Let's Encrypt. You can't prove ownership because at the moment, from the point of view of the public internet, the domain you want to get a certificate for has neither A nor AAAA records.

As I alluded to in my initial reply, your domain's DNS records are managed by Cloudflare, hence why having these records in your ps.kz panel doesn't affect anything.

Suggestions on how to remedy this issue are listed in my previous reply.

7 Likes
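
The diagnosis in the reply above can be scripted as a check to run before certbot. This is an added example, not part of the original thread; the panel nameserver suffix ns.panel.example and the address 203.0.113.10 are constructed placeholders, since the page gives neither ps.kz's nameserver names nor the server's IP.

```shell
#!/usr/bin/env bash
# Pre-flight for certbot's HTTP-01 challenge: confirm the zone is delegated to
# the DNS provider whose panel you edited, and that the host resolves publicly.

# preflight_verdict NS_LIST PANEL_NS_SUFFIX ADDRS SERVER_IP
# Pure decision logic (no network), so it can be checked on captured dig output.
preflight_verdict() {
    local ns_list="$1" panel_suffix="$2" addrs="$3" server_ip="$4" ns a
    if [ -z "$ns_list" ]; then echo "NO_DELEGATION"; return 0; fi
    for ns in $ns_list; do
        case "${ns%.}" in                      # drop the trailing root dot
            *"$panel_suffix") ;;               # served by the panel you edited
            *) echo "PANEL_NOT_AUTHORITATIVE"; return 0 ;;
        esac
    done
    if [ -z "$addrs" ]; then echo "NO_ADDRESS_RECORD"; return 0; fi
    for a in $addrs; do
        if [ "$a" = "$server_ip" ]; then echo "OK"; return 0; fi
    done
    echo "POINTS_ELSEWHERE"                    # also seen behind a proxy/CDN
}

# preflight HOST ZONE PANEL_NS_SUFFIX SERVER_IP
# Live wrapper: asks an authoritative server directly, so a stale resolver
# cache cannot hide the problem.
preflight() {
    local host="$1" zone="$2" ns_list first_ns addrs=""
    ns_list=$(dig ns "$zone" +short)
    first_ns=$(printf '%s\n' "$ns_list" | head -n 1)
    if [ -n "$first_ns" ]; then
        addrs=$(dig "@$first_ns" "$host" A +short; dig "@$first_ns" "$host" AAAA +short)
    fi
    preflight_verdict "$ns_list" "$3" "$addrs" "$4"
}

# Example call (suffix and IP are constructed placeholders):
#   preflight leak.citizensec.kz citizensec.kz ns.panel.example 203.0.113.10
```

With the nameservers shown in this thread, the verdict is PANEL_NOT_AUTHORITATIVE: records added in a panel that the zone is not delegated to never reach the public internet, which is why the CA sees NXDOMAIN.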

Thank you!

3 Likes
