LetsEncrypt Failing

Hi,

I am getting the following error message. I have everything set up as per the video instructions. I believe it’s a port forwarding issue but I do not know what exactly. Hoping someone can assist or give me insight as to where to look. Thanks.

The “No valid IP addresses found for www.example.com” message means that the hostname does not have a public IP address that Let’s Encrypt can or will connect to – either because there are no IP addresses at all, or because they’re not suitable – e.g. 127.0.0.1 or 192.168.1.1.


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can log in to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

4 Likes

This can also occur on occasion with carrier-grade NAT, which is another case where the end user device doesn't have an IP address that can be reached from the rest of the Internet.

3 Likes

Thank you for your response! So I can ping my.example.com and it returns my public IP address. I can also go to my PublicIPAddress:PortNumber and reach the web application. Do I need to edit the conf file for letsencrypt to include my public IP?

I don’t think we’ll get any further here without your real domain name or real IP address.

If you don’t want to share them, please remember to check that your address is correct as seen from outside of your LAN, and that the IP address is not a carrier NAT address and is reachable from outside of your own ISP.

3 Likes

So I was able to figure it out. I don’t know why this works, but it does; perhaps you have an explanation for it? My Unraid server http and https were using ports 80 and 443. My LetsEncrypt docker http/https was using 81 and 444. That did not work. I swapped my Unraid to use 81/444 and LetsEncrypt 80/443 and it worked. Why is that? Also, after it is working, can I disable the port forwarding for both Unraid and LetsEncrypt?

Well, the HTTP-01 challenge method doesn’t let you pick the port number; it always uses port 80.

To get Let’s Encrypt certificates with this method, you’ll need to have a way for at least HTTP requests for /.well-known/acme-challenge on port 80 to reach a machine that can answer the challenges.
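
A pre-flight check for the "No valid IP addresses found" case discussed in this thread, added here as an example that is not part of any post: it labels each address a hostname resolves to as public, private, loopback or carrier-grade NAT. The function names are assumptions made for this example, and the classification uses Python's `ipaddress` module as an approximation, not Let's Encrypt's own rules.

```python
import ipaddress
import socket
import sys

# RFC 6598 shared address space, used by carrier-grade NAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def classify(addr: str) -> str:
    """Label one address by whether an outside validator could route to it."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.version == 4 and ip in CGNAT:
        return "carrier-grade NAT"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"
    return "public" if ip.is_global else "reserved"


def preflight(hostname: str, addrs: list[str]) -> list[str]:
    """Return readable problems; an empty list means the DNS side looks fine."""
    if not addrs:
        return [f"{hostname}: no A/AAAA records at all"]
    labels = {a: classify(a) for a in addrs}
    return [f"{hostname} -> {a} is {kind}"
            for a, kind in labels.items() if kind != "public"]


def resolve(hostname: str) -> list[str]:
    """Look up addresses with the local resolver (may differ from public DNS)."""
    try:
        infos = socket.getaddrinfo(hostname, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "www.example.com"
    issues = preflight(host, resolve(host))
    print("\n".join(issues) or f"{host}: all addresses are publicly routable")
```

A clean result only covers the DNS side; the HTTP-01 request still has to reach a responder on port 80, which has to be tested from outside the LAN.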
