LetsEncrypt Docker Issue

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: stldintux02.sial.com

I ran this command:

sudo docker run -it --rm \
-v /docker-volumes/etc/letsencrypt:/etc/letsencrypt \
-v /docker-volumes/var/lib/letsencrypt:/var/lib/letsencrypt \
-v /docker/letsencrypt-docker-nginx/src/letsencrypt/letsencrypt-site:/data/letsencrypt \
-v "/docker-volumes/var/log/letsencrypt:/var/log/letsencrypt" \
certbot/certbot \
certonly --webroot \
--register-unsafely-without-email --agree-tos \
--webroot-path=/data/letsencrypt \
--staging \
-d stldintux02.sial.com -d www.stldintux02.sial.com

It produced this output:

Requesting Let’s Encrypt certificate for stldintux02.sial.com …

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for stldintux02.sial.com
http-01 challenge for www.stldintux02.sial.com
Using the webroot path /var/www/certbot for all unmatched domains.
Waiting for verification…
Challenge failed for domain stldintux02.sial.com
Challenge failed for domain www.stldintux02.sial.com
http-01 challenge for stldintux02.sial.com
http-01 challenge for www.stldintux02.sial.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

Reloading nginx …

My web server is (include version): I am using Docker Nginx

The operating system my web server runs on is (include version): Linux stldintux02.sial.com 3.10.0-957.1.3.el7.x86_64 #1 SMP Thu Nov 29 14:49:43 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): Docker images (certbot/certbot)

Hi @letsencryptprakash

there is a check of your domain, ~~ one hour old - https://check-your-website.server-daten.de/?q=stldintux02.sial.com - same result:

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| stldintux02.sial.com | | Name Error | yes | 1 | 0 |
| www.stldintux02.sial.com | | Name Error | yes | 1 | 0 |

There is no A or AAAA record defined.

Are you the owner of that domain? If yes, create an A record or use dns validation.

If no, you can't create a certificate with that domain name.

@JuergenAuer Could you please advise me how to create the A record

@JuergenAuer

we are already having the record for this, please check below

stldintux02.sial.com
Server: stladdc01.global.sial.com
Address: 141.247.239.48

Name: stldintux02.sial.com
Address: 141.247.199.236

141.247.199.236
Server: stladdc01.global.sial.com
Address: 141.247.239.48

Name: stldintux02.sial.com
Address: 141.247.199.236

-bash-4.2$ dig stldintux02.sial.com

; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> stldintux02.sial.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17834
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;stldintux02.sial.com. IN A

;; ANSWER SECTION:
stldintux02.sial.com. 28800 IN A 141.247.199.236

;; Query time: 1 msec
;; SERVER: 141.247.9.18#53(141.247.9.18)
;; WHEN: Wed Apr 29 22:37:55 CDT 2020
;; MSG SIZE rcvd: 65

Please let me know if there is anything else I need to add; if so, could you please advise me how and where to add it.

Thanks

Read the output of your check - https://check-your-website.server-daten.de/?q=stldintux02.sial.com

ns01.brandshelter.com is the name server of sial.com, there you have to create the A record.

There is nothing - same result:

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| stldintux02.sial.com | | Name Error | yes | 1 | 0 |
| www.stldintux02.sial.com | | Name Error | yes | 1 | 0 |

My domain is: stldintux02.sial.com

I ran this command:

sudo docker run -it --rm \
-v /docker-volumes/etc/letsencrypt:/etc/letsencrypt \
-v /docker-volumes/var/lib/letsencrypt:/var/lib/letsencrypt \
-v /docker/letsencrypt-docker-nginx/src/letsencrypt/letsencrypt-site:/data/letsencrypt \
-v "/docker-volumes/var/log/letsencrypt:/var/log/letsencrypt" \
certbot/certbot \
certonly --webroot \
--register-unsafely-without-email --agree-tos \
--webroot-path=/data/letsencrypt \
--staging \
-d stldintux02.sial.com -d www.stldintux02.sial.com

It produced this output:

Requesting Let’s Encrypt certificate for stldintux02.sial.com …

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for stldintux02.sial.com
http-01 challenge for www.stldintux02.sial.com
Using the webroot path /var/www/certbot for all unmatched domains.
Waiting for verification…
Challenge failed for domain stldintux02.sial.com
Challenge failed for domain www.stldintux02.sial.com
http-01 challenge for stldintux02.sial.com
http-01 challenge for www.stldintux02.sial.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

Hello LetsEncrypt,

stldintux02.sial.com is my internal server and I want to generate a certificate for it. Could someone please help me generate the certificate for it?

Thanks

If it isn’t possible for you to create a publicly visible A record, you can’t use http validation.

Switch to dns validation.

@JuergenAuer: I have used the command below and am again getting an error

sudo certbot -d stldintux02.sial.com --manual --preferred-challenges dns certonly


Please deploy a DNS TXT record under the name
_acme-challenge.stldintux02.sial.com with the following value:

2mPXbYZpl0i2ucwnPx2SKz6q58BpikTRRI4WlA6pT0s

Before continuing, verify the record is deployed.


Press Enter to Continue
Waiting for verification…
Challenge failed for domain stldintux02.sial.com
dns-01 challenge for stldintux02.sial.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: stldintux02.sial.com
    Type: dns
    Detail: DNS problem: NXDOMAIN looking up TXT for
    _acme-challenge.stldintux02.sial.com - check that a DNS record
    exists for this domain

Could you please advise how to resolve this issue

@JuergenAuer: I tried with DNS validation but I am still getting the error below. Could you please advise on this?

sudo certbot -d stldintux02.sial.com --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns certonly

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for stldintux02.sial.com


NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you’re running certbot in manual mode on a machine that is not
your server, please ensure you’re okay with that.

Are you OK with your IP being logged?


(Y)es/(N)o: y


Please deploy a DNS TXT record under the name
_acme-challenge.stldintux02.sial.com with the following value:

wPbvV221u41kEKYTvdiMQCqqACq3aSpxbjJTe9zNTY4

Before continuing, verify the record is deployed.


Press Enter to Continue
Waiting for verification…
Challenge failed for domain stldintux02.sial.com
dns-01 challenge for stldintux02.sial.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: stldintux02.sial.com
    Type: dns
    Detail: DNS problem: NXDOMAIN looking up TXT for
    _acme-challenge.stldintux02.sial.com - check that a DNS record
    exists for this domain

Use the online tool after creating the TXT record. There are some errors possible; the tool checks for them.

Checking these things manually is terrible.

@JuergenAuer: Are there any options to change the DNS lookup server to one other than the default? It is looking at the default server and getting the error as failed.

-bash-4.2$ nslookup stldintux02.sial.com
Server: 141.247.9.18
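
The thread turns on one point: the name resolves on the internal resolver (141.247.9.18), while the public name server for sial.com answers with a Name Error, and Let's Encrypt validates against the public answer. As an added example that is not part of the original thread, this shell sketch reads dig output taken from the public authoritative server and reports whether a dns-01 TXT record is visible there; the function names, the placeholder token and the sample dig outputs are constructed for illustration.

```shell
# Added example (not from the thread). Sample dig outputs below are constructed.

# Print the rcode (NOERROR, NXDOMAIN, ...) from dig output read on stdin.
dig_status() {
  sed -n 's/^;; ->>HEADER<<- .*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Print the TXT values that dig output on stdin lists for owner name $1.
dig_txt_values() {
  awk -v n="$1." 'tolower($1) == tolower(n) && $4 == "TXT" { gsub(/"/, "", $5); print $5 }'
}

# Read dig output from a public authoritative server on stdin and decide whether
# the dns-01 record $1 with expected value $2 is visible from outside.
challenge_ready() (
  out=$(cat)
  status=$(printf '%s\n' "$out" | dig_status)
  if [ "$status" != "NOERROR" ]; then
    echo "not ready: public DNS answers ${status:-nothing}"; exit 1
  fi
  if printf '%s\n' "$out" | dig_txt_values "$1" | grep -qxF -- "$2"; then
    echo "ready"; exit 0
  fi
  echo "not ready: TXT value missing or different"; exit 1
)

NAME=_acme-challenge.stldintux02.sial.com
TOKEN=constructed-token-value   # placeholder, not a real challenge value

# Constructed: what the public server returns while the record does not exist.
PUBLIC_NXDOMAIN=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1
;; QUESTION SECTION:
;_acme-challenge.stldintux02.sial.com. IN TXT'

# Constructed: the same query after the TXT record has been published.
PUBLIC_OK=";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; ANSWER SECTION:
$NAME. 300 IN TXT \"$TOKEN\""

printf '%s\n' "$PUBLIC_NXDOMAIN" | challenge_ready "$NAME" "$TOKEN" || true
printf '%s\n' "$PUBLIC_OK" | challenge_ready "$NAME" "$TOKEN"

# Live use: dig +norecurse @ns01.brandshelter.com "$NAME" TXT | challenge_ready "$NAME" "$TOKEN"
```

Running the live form against the authoritative server, rather than the resolver in /etc/resolv.conf, shows the same view of the zone that the certificate authority gets.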
