No Valid A records found for

My friends, I'd like to ask for your help.

I've got a HTTP website in my intranet and I need him to be HTTPS.

I'm trying with CertBot.

First I use the command "certbot certonly --standalone"

then when I enter the domain name to certificate I receive the following error:

"Requesting a certificate for **********

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: **********
Type: dns
Detail: no valid A records found for **********; no valid AAAA records found for **********

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Some challenges have failed."

Can someone please help me?

Hi @gabrielvms4,

Usually this error means that your site is hosted on a private IP address or on an IP address reserved for CGN use. In order to get a certificate with the method you used, it has to be possible for people outside of your ISP to connect to your site from the public Internet, which might not be the case with your current hosting setup.

If your ISP is using CGN, you might have to make a special request to the ISP to receive a public IP address (that other people can connect to).


If it's intentional that the public can't connect to your site, then you can't use --standalone to get your certificate. More information at


You would have to use a DNS challenge, normally with a Certbot plugin that is specific to your DNS host's API.


The intention is that people outside of my ISP can connect to the site from the public Internet

Ok, thank you for the answers. I'll check the links you sent in the other answer


This one is correct, the hostname resolves to (Recovered from OPs previous thread, which has been emptied.)

That won't work with a private IP address as a destination.


Then you will need a working web site - before you try and secure it via HTTP-01 authentication.

Also, while "testing", you should be using the testing/staging environment.
Add "--dry-run" to your tests until they work.


I might be blind... But I don't see a domain here... I must be confused.


You are not blind; It was found on another topic [now removed].


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.