No Valid A records found for

My friends, I'd like to ask for your help.

I've got an HTTP website in my intranet and I need it to be HTTPS.

I'm trying with CertBot.

First I use the command "certbot certonly --standalone"

Then, when I enter the domain name to certify, I receive the following error:

"Requesting a certificate for **********.ddns.net

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: **********.ddns.net
Type: dns
Detail: no valid A records found for **********.ddns.net; no valid AAAA records found for **********.ddns.net

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Some challenges have failed."

Can someone please help me?

Hi @gabrielvms4,

Usually this error means that your site is hosted on a private IP address or on an IP address reserved for CGN use. In order to get a certificate with the method you used, it has to be possible for people outside of your ISP to connect to your site from the public Internet, which might not be the case with your current hosting setup.

If your ISP is using CGN, you might have to make a special request to the ISP to receive a public IP address (that other people can connect to).

8 Likes

If it's intentional that the public can't connect to your site, then you can't use --standalone to get your certificate. More information at

and

https://eff-certbot.readthedocs.io/en/stable/using.html#getting-certificates-and-choosing-plugins

You would have to use a DNS challenge, normally with a Certbot plugin that is specific to your DNS host's API.

8 Likes

The intention is that people outside of my ISP can connect to the site from the public Internet

Ok, thank you for the answers. I'll check the links you sent in the other answer

2 Likes

This one is correct, the hostname resolves to 192.168.56.1. (Recovered from OP's previous thread, which has been emptied.)

That won't work with a private IP address as a destination.

8 Likes
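
The check the replies above describe, as an added example (not part of the original thread, and not Certbot or Let's Encrypt code): it classifies the addresses a hostname resolves to, so you can see before running certbot whether they are private or CGN addresses. The function names and the sample list are assumptions made for this illustration; 192.168.56.1 is the address quoted in the thread.

```python
import ipaddress
import socket
import sys

# RFC 6598 shared address space used by carrier-grade NAT (CGN).
CGN_NET = ipaddress.ip_network("100.64.0.0/10")

def classify(addr):
    """Return 'public', or the reason the address is not reachable from the Internet."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4 and ip in CGN_NET:
        return "cgn"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"
    return "public" if ip.is_global else "reserved"

def split_addresses(addresses):
    """Return (public, rejected); rejected maps each unusable address to its reason."""
    public, rejected = [], {}
    for addr in addresses:
        kind = classify(addr)
        if kind == "public":
            public.append(addr)
        else:
            rejected[addr] = kind
    return public, rejected

def resolve(hostname):
    """Look up A/AAAA records with the local resolver; the CA queries public DNS,
    so a split-horizon setup can give a different answer here."""
    try:
        infos = socket.getaddrinfo(hostname, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0].split("%")[0] for info in infos})

if __name__ == "__main__":
    # Constructed sample: the thread's 192.168.56.1, a CGN address, a public one.
    sample = ["192.168.56.1", "100.64.12.7", "8.8.8.8"]
    addrs = resolve(sys.argv[1]) if len(sys.argv) > 1 else sample
    public, rejected = split_addresses(addrs)
    for addr, why in rejected.items():
        print(f"{addr}: {why}, not reachable for HTTP-01 validation")
    print("public address found; port 80 must still accept inbound connections"
          if public else "no public address: use a DNS challenge or get a public IP")
```

Run it with a hostname as the only argument to check real records, or with no argument to see the constructed sample.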

Then you will need a working web site - before you try and secure it via HTTP-01 authentication.

Also, while "testing", you should be using the testing/staging environment.
Add "--dry-run" to your tests until they work.

6 Likes

I might be blind... But I don't see a domain here... I must be confused.

5 Likes

You are not blind; it was found on another topic [now removed].

7 Likes
