Mail can not get cer

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:mail.sojrs.me

I ran this command:
certbot certonly --standalone -d mail.sojrs.me
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Currently, the renew verb is capable of either renewing all installed certificates that are due to be renewed or renewing a single certificate specified by its name. If you would like to renew specific certificates by their domains, use the certonly command instead. The renew verb may provide other options for selecting certificates to renew in the future.
[root@vultr letsencrypt]# certbot certonly --standalone -d mail.sojrs.me
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mail.sojrs.me
Waiting for verification…
Challenge failed for domain mail.sojrs.me
http-01 challenge for mail.sojrs.me
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: mail.sojrs.me
    Type: unauthorized
    Detail: Invalid response from
    http://mail.sojrs.me/.well-known/acme-challenge/xd6Q3mUav7-5WYkVHHDdo6El
    CwxMnS6YDfCHjqusBd0
    [2606:4700:30::6812:2e2b]: "\n<!--[if lt IE 7]>

    \n\n <html class=\"no-js "

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.
    [root@vultr letsencrypt]#
My web server is (include version):

The operating system my web server runs on is (include version):centos7

My hosting provider, if applicable, is: VPS, Vultr

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.36.0

Other info:
My VPS is 1.1.1.1
and I set hosts 1.1.1.1 mail.sojrs.me,
so I think it should not be a problem with DNS.

Hi @sojrs

checking your domain - https://check-your-website.server-daten.de/?q=mail.sojrs.me - you use Cloudflare:

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| mail.sojrs.me | A | 104.18.46.43 Ashburn/Virginia/United States (US) - Cloudflare, Inc. No Hostname found | yes | 1 | 0 |
| | A | 104.18.47.43 Ashburn/Virginia/United States (US) - Cloudflare, Inc. No Hostname found | yes | 1 | 0 |
| | AAAA | 2606:4700:30::6812:2e2b Ashburn/Virginia/United States (US) - Cloudflare, Inc. | yes | | |
| | AAAA | 2606:4700:30::6812:2f2b Ashburn/Virginia/United States (US) - Cloudflare, Inc. | yes | | |
| www.mail.sojrs.me | | Name Error | yes | 1 | 0 |

But you don't have a valid certificate, so Cloudflare can't connect your domain.

Instead, there is the standard Cloudflare error http status 521:

Origin Unreachable
Error 523 Ray ID: 510689397eb1d105 • 2019-09-03 09:00:54 UTC
Origin is unreachable
You Browser Working
Berlin Cloudflare Working
mail.sojrs.me Host Error
What happened? The origin web server is not reachable.
What can I do?
If you're a visitor of this website: Please try again in a few minutes.
If you're the owner of this website: Check your DNS Settings. A 523 error means that Cloudflare could not reach your host web server. The most common cause is that your DNS settings are incorrect. Please contact your hosting provider to confirm your origin IP and then make sure the correct IP is listed for your A record in your Cloudflare DNS Settings page. Additional troubleshooting information here.
Cloudflare Ray ID: 510689397eb1d105 • Your IP : 85.215.2.229 • Performance & security by Cloudflare

If you want to use Cloudflare, you need a working certificate.

So

  • remove that Cloudflare configuration, so your server is directly visible
  • create a certificate
  • activate Cloudflare again

But currently Cloudflare blocks Letsencrypt checking your domain.

I think you’re misreading your own output–Cloudflare is returning “no hostname found” for this hostname. It appears there are no DNS records for that name at all.

That's the reverse ip check. Something like

nslookup 104.18.46.43

There is no reverse ip entry, so there is no hostname found.

That's not the result of the url check. There is a http status 521.

So Cloudflare knows the correct ip, but can't connect it because there is no valid certificate.

Thanks, I deleted all Cloudflare configuration, no CDN. It works.

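The diagnosis in this thread comes down to comparing the addresses published in public DNS with the server's own address, since the CA never sees a local hosts entry. The following is an added example, not part of the original thread: the function names are hypothetical, the origin address 203.0.113.10 is a constructed placeholder, and the two Cloudflare ranges are only a subset of its published list.

```python
import ipaddress

# Subset of Cloudflare's published edge ranges, enough to cover the addresses
# reported in this thread (assumption: not the complete list).
CLOUDFLARE_NETS = [ipaddress.ip_network(n)
                   for n in ("104.16.0.0/13", "2606:4700::/32")]

# A/AAAA records the checker in this thread reported for mail.sojrs.me.
PUBLIC_RECORDS = ["104.18.46.43", "104.18.47.43",
                  "2606:4700:30::6812:2e2b", "2606:4700:30::6812:2f2b"]
# Constructed placeholder for the VPS address (documentation range).
ORIGIN_ADDRS = ["203.0.113.10"]


def classify(addr, origin):
    """Say where one published record sends the CA's HTTP-01 request."""
    ip = ipaddress.ip_address(addr)
    if ip in origin:
        return "origin"
    if any(ip in net for net in CLOUDFLARE_NETS):
        return "cloudflare-edge"
    return "other"


def diagnose(public_records, origin_addrs):
    """Return (direct, verdicts) for a set of publicly resolved addresses.

    Pass records obtained from a public resolver: the CA never sees the
    local hosts file, so a lookup that consults it proves nothing.
    direct is True only when every published address is the origin, i.e.
    when certbot --standalone itself answers on port 80.
    """
    origin = {ipaddress.ip_address(a) for a in origin_addrs}
    verdicts = {a: classify(a, origin) for a in public_records}
    direct = bool(verdicts) and all(v == "origin" for v in verdicts.values())
    return direct, verdicts


if __name__ == "__main__":
    direct, verdicts = diagnose(PUBLIC_RECORDS, ORIGIN_ADDRS)
    for addr, verdict in verdicts.items():
        print(f"{addr:<26} {verdict}")
    print("validation reaches the standalone listener directly:", direct)
```

When a record is classified as `cloudflare-edge`, the challenge request lands on the proxy first and succeeds only if the proxy can forward it to the origin on port 80.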