No IPv4 found for ad1.company.com


#1

Hello,

I have a problem requesting a certificate for a local server we have internally. Basically, we want to get rid of the self-signed certificate and install a valid SSL certificate on a Microsoft ADFS server.

We have created a public A record for this server which resolves in 10.0.0.0/8. The command I try to invoke is:
./certbot-auto certonly --verbose --standalone -d adfs.company.com

On the screen, I get the error “No IPv4 addresses found for adfs.company.com”. I don’t think it is a DNS problem, as it resolves well and if I invoke the same command with a non-existent subdomain name, I get a different error message (NXDOMAIN looking up A).

Any help? Thank you!


#2

Also, if I try to manually submit a DER, I get “Self-verify of challenge failed” (of course, because it’s not a publicly accessible Web server).

Next step, I would try to manually upload the DER but using the DNS verification of ownership method…

This is my manual upload command:
./letsencrypt-auto certonly --authenticator manual --server https://acme-v01.api.letsencrypt.org/directory --text --email user@company.com --csr signreq.der


#3

If you want to use any of the challenge types supported by letsencrypt-auto (or certbot, the new name), you’ll need to make your domain resolve to a non-private IP address and allow traffic from the public internet on port 80 or 443.

As an alternative, you can use a DNS-based challenge (DNS-01). To make this work you’ll need to be able to create a TXT record for your domain (it needs to be resolvable by public DNS). This is currently not supported by certbot, but a number of other clients have support for DNS-01 (like the bash clients or lego).
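To illustrate the reply above, here is an added example (not part of the original post and not code from certbot or any ACME client) that checks whether a name's addresses allow inbound validation and, if not, builds the DNS-01 TXT record as defined in RFC 8555 section 8.4. The function names, the address, the token and the thumbprint are assumptions constructed for the example.

```python
import base64
import hashlib
import ipaddress


def inbound_validation_possible(addresses):
    """True only if every resolved address is reachable from the public internet.

    Challenges served on port 80 or 443 need the CA to connect in, so RFC 1918
    and other non-global addresses rule them out. Requiring *every* address to
    be global is a conservative assumption of this example.
    """
    parsed = [ipaddress.ip_address(a) for a in addresses]
    return bool(parsed) and all(ip.is_global for ip in parsed)


def dns01_txt_record(domain, token, account_thumbprint):
    """Return (record name, TXT value) for a DNS-01 challenge per RFC 8555 section 8.4."""
    # Key authorization = challenge token, a dot, and the account key's JWK thumbprint.
    key_authorization = f"{token}.{account_thumbprint}"
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    # TXT value = base64url(SHA-256(key authorization)) with the '=' padding removed.
    value = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return f"_acme-challenge.{domain.rstrip('.').lower()}", value


if __name__ == "__main__":
    # Constructed sample input: hostname from the thread, everything else made up.
    domain = "adfs.company.com"
    resolved = ["10.20.30.40"]                      # constructed private A record
    token = "constructed-challenge-token"           # placeholder, issued by the CA
    thumbprint = "constructed-account-thumbprint"   # placeholder, from the ACME account key

    if inbound_validation_possible(resolved):
        print("port 80/443 challenges are usable")
    else:
        print("private address only: use DNS-01")
        name, value = dns01_txt_record(domain, token, thumbprint)
        print(f'{name}. 300 IN TXT "{value}"')
```

The TXT record only has to exist in the public DNS zone; the server itself can stay on its private address.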


#4

Thanks, what I finally did is that I set up Let’s Encrypt on a Linux Apache server, converted the certificate to PKCS12 format and installed it on the Active Directory server.

