No IPv4 found for ad1.company.com

Hello,

I have a problem requesting a certificate for a local server we have internally. Basically, we want to get rid of the self-signed certificate and install a valid SSL certificate on a Microsoft ADFS server.

We have created a public A record for this server which resolves in 10.0.0.0/8. The command I try to invoke is:
./certbot-auto certonly --verbose --standalone -d adfs.company.com

At the screen, I get the error “No IPv4 addresses found for adfs.company.com”. I don’t think it is a DNS problem, as it resolves well and if I invoke the same command with a non-existent subdomain name, I get a different error message (NXDOMAIN looking up A).

Any help? Thank you!

Also, if I try to manually submit a DER, I get “Self-verify of challenge failed” (of course, because it’s not a publicly accessible Web server).

Next step, I would try to manually upload the DER but using the DNS verification of ownership method…

This is my manual upload command:
./letsencrypt-auto certonly --authenticator manual --server https://acme-v01.api.letsencrypt.org/directory --text --email user@company.com --csr signreq.der

If you want to use any of the challenge types supported by letsencrypt-auto (or certbot, the new name), you’ll need to make your domain resolve to a non-private IP address and allow traffic from the public internet on port 80 or 443.

As an alternative, you can use a DNS-based challenge (DNS-01). To make this work you’ll need to be able to create a TXT record for your domain (it needs to be resolvable by public DNS). This is currently not supported by certbot, but a number of other clients have support for DNS-01 (like the bash clients or lego).
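The following pre-flight check is an added example, not part of the original thread or of certbot. It classifies the A-record values a name resolves to and reports whether a port 80/443 challenge can work or DNS-01 is needed. The function names, result labels and sample addresses are assumptions made for illustration.

```python
import ipaddress
import socket


def resolve_a_records(hostname):
    """Return the IPv4 addresses the local resolver gives for hostname."""
    infos = socket.getaddrinfo(hostname, None, family=socket.AF_INET,
                               type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def preflight(addresses):
    """Split addresses into publicly routable and not, and suggest a challenge.

    is_global is used instead of "not is_private" so that ranges such as
    100.64.0.0/10 (carrier-grade NAT) are also treated as unreachable.
    """
    public, non_public = [], []
    for text in addresses:
        addr = ipaddress.ip_address(text)
        (public if addr.is_global else non_public).append(text)

    # A port 80/443 challenge needs every published address to be reachable
    # from the internet; one internal address is enough to make it unreliable.
    if public and not non_public:
        recommendation = "public-port"   # hypothetical label: port 80/443 challenge
    else:
        recommendation = "dns-01"        # TXT record in public DNS instead
    return {"public": public, "non_public": non_public,
            "recommendation": recommendation}


if __name__ == "__main__":
    # Constructed sample: an internal address like the one in the question,
    # a CGNAT address, and a public resolver address.
    for sample in (["10.1.2.3"], ["100.64.0.1"], ["8.8.8.8"]):
        print(sample, preflight(sample))
    # To check a live name instead: preflight(resolve_a_records("example.org"))
```

A "public-port" result only means the addresses are routable; inbound traffic on port 80 or 443 must still be allowed for validation to succeed.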

Thanks, what I finally did is that I set up Let’s Encrypt on a Linux Apache server, converted the certificate to PKCS12 format and installed it on the Active Directory server.
