No valid A records found

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
spreatty.site

I ran this command:
certbot certonly --manual

It produced this output:

Saving debug log to C:\Certbot\log\letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): spreatty.site
Requesting a certificate for spreatty.site

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Create a file containing just this data:

cf22NFwh3uBxR4Hr0zAQ1uERcD4oTSNZOaspvI24T7M.yvL99TIYLaYTjWTdPYB8C1tjI2zKDCfvKuYdRIKpJ5E

And make it available on your web server at this URL:

http://spreatty.site/.well-known/acme-challenge/cf22NFwh3uBxR4Hr0zAQ1uERcD4oTSNZOaspvI24T7M

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
  Domain: spreatty.site
  Type:   dns
  Detail: no valid A records found for spreatty.site; no valid AAAA records found for spreatty.site

Hint: The Certificate Authority failed to verify the manually created challenge files. Ensure that you created these in the correct location.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile C:\Certbot\log\letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version):
node v18.12.1

The operating system my web server runs on is (include version):
Windows 11

My hosting provider, if applicable, is:
Home server

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 2.6.0


The thing is: there is an A record: Dig (DNS lookup)

Home page works too: http://spreatty.site

Yes, an IP exists, but it is a private IP. Let's Encrypt must validate your domain using the public Internet.

5 Likes

You could use the DNS-01 challenge of the Challenge Types - Let's Encrypt and not need to have an IP Address.

4 Likes

Yes, if they plan to keep their site privately accessed. But they will need a public IP in their DNS to access from the public internet.

If they are only going to use this privately they could consider using a self-signed cert and make their life easier 🙂

4 Likes

I totally agree @MikeMcQ, I was just trying to find a way for them to get a Let's Encrypt issued TLS Certificate.

1 Like

OR...
A VPN could overcome that routable IP deficiency.
[just saying - I know that no VPN has been mentioned]

OR...
A private DNS could be used to provide the Internet IP.

3 Likes

Actually I'd prefer to use the DNS-01 method. However, I don't see how I can run certbot for a non-wildcard domain in DNS-01 mode. Still, Mike has a point here: the wrong IP is set on the A record. I will need to fix that anyway, and then I'll try HTTP-01 again if port 80 is open.

2 Likes

You'd run it in exactly the same way as you'd run it for a wildcard domain--just leave out the wildcard part. So, -d spreatty.site.

6 Likes

Presently I am finding a valid DNS A Record; however, the IPv4 Address 172.16.15.190 is part of the Private network - Wikipedia for IPv4 Address space.

$ nslookup -q=a spreatty.site ns19.inhostedns.com.
Server:         ns19.inhostedns.com.
Address:        185.104.44.24#53

Name:   spreatty.site
Address: 172.16.15.190
$ nslookup -q=a spreatty.site ns29.inhostedns.net.
Server:         ns29.inhostedns.net.
Address:        185.104.46.24#53

Name:   spreatty.site
Address: 172.16.15.190
$ nslookup -q=a spreatty.site ns39.inhostedns.org.
Server:         ns39.inhostedns.org.
Address:        62.210.30.252#53

Name:   spreatty.site
Address: 172.16.15.190

1 Like
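Added example, not part of any post in this thread: a pre-flight check that classifies the addresses a domain's A/AAAA records return before an HTTP-01 request is attempted, using the 172.16.15.190 value from the nslookup output above. It treats Python's `ipaddress` `is_global` flag as an approximation of "reachable from the public Internet" (an assumption, not the CA's own address list); `resolve`, `classify` and `preflight` are hypothetical helper names.

```python
import ipaddress
import socket

def resolve(domain):
    """Addresses the *local* resolver returns; the CA may see different ones."""
    infos = socket.getaddrinfo(domain, 80, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def classify(address):
    """Return (usable_for_public_validation, reason) for one address string."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False, "not an IP address"
    if ip.is_global:
        return True, "publicly routable"
    # Most specific flags first: loopback and link-local also count as private.
    for flag, reason in (("is_unspecified", "unspecified address"),
                         ("is_loopback", "loopback"),
                         ("is_link_local", "link-local"),
                         ("is_multicast", "multicast"),
                         ("is_private", "private range")):
        if getattr(ip, flag):
            return False, reason
    return False, "not globally routable"  # e.g. 100.64.0.0/10 shared space

def preflight(addresses):
    """Summarise which records could serve an HTTP-01 check from outside."""
    usable, rejected = [], {}
    for addr in addresses:
        ok, reason = classify(addr)
        if ok:
            usable.append(addr)
        else:
            rejected[addr] = reason
    # With no public address, only a DNS-based challenge can succeed.
    challenge = "http-01" if usable else "dns-01"
    return {"usable": usable, "rejected": rejected, "challenge": challenge}

if __name__ == "__main__":
    # Record value taken from the nslookup output in this thread.
    report = preflight(["172.16.15.190"])
    for addr, reason in report["rejected"].items():
        print(f"{addr}: rejected ({reason})")
    print("suggested challenge type:", report["challenge"])
```

Passing the output of `resolve("your.domain")` to `preflight` checks live records, but query the authoritative nameservers as well when the local network uses split DNS.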

See the --preferred-challenges option in the Certbot documentation.

5 Likes
