No valid A records found

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

I've been using your software for around 4 years .Every 90 days or so I renew my certificates. Two days ago my certificate expired. I have been trying for two days now to create or renew a certificate. Nothing has changed except two months ago I had to install a new router from Google. I had to change my DNA A record on godaddy to reflect this change. This was two months ago.

My domain is: evolutionrevolutionoflove.com

I ran this command:

1: evolutionrevolutionoflove.com (Site 14)

Continue with this selection? (y*/n) - yes

Source generated using plugin IIS: evolutionrevolutionoflove.com

Existing renewal: [IIS] EvolutionDeploy, evolutionrevolutionoflove.com - 9
renewals, due now, 42 errors

Overwrite settings? (y*/n) - yes

Overwriting previously created renewal

It produced this output:
Plugin IIS generated source evolutionrevolutionoflove.com with 1 identifiers
Plugin Single created 1 order
Source change in order Main detected
Renewing [IIS] EvolutionDeploy, evolutionrevolutionoflove.com
Cached order has status invalid, discarding
[evolutionrevolutionoflove.com] Authorizing...
[evolutionrevolutionoflove.com] Authorizing using http-01 validation (SelfHosting)
[evolutionrevolutionoflove.com] Authorization result: invalid
[evolutionrevolutionoflove.com] {"type":"urn:ietf:params:acme:error:dns","detail":"no valid A records found for evolutionrevolutionoflove.com; no valid AAAA records found for evolutionrevolutionoflove.com","status":400,"instance":null}
[evolutionrevolutionoflove.com] Deactivating pending authorization

My web server is (include version):
IIS
Windows Server 2012 R2, Windows Server 2012
The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
IIS

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Software version 2.2.6.1571 (release, pluggable, standalone, 64-bit)

Thanksyou very much.

evolutionrevolutionoflove.com resolves to a private IP address (192.168.1.118). When using the http-01 challenge, the Let's Encrypt validation attempts to make an HTTP request to (one of the) IP address(es) of the hostname. But that cannot be done for private IP addresses for obvious reasons, thus this error is shown (private IP addresses are not valid).

You should either change the IP address to the actual public IP address (without that, your entire website won't work anyway) or use the dns-01 challenge. I have no clue how you would do the latter in a Windows environment, especially as you haven't mentioned the ACME client being used.

Hi @richardpfletcher, and welcome to the LE community forum

Windows Server End of Support: Key Dates - Microsoft Community Hub

You should be moving towards upgrading that ASAP.

I'm slightly confused.

This site has been operational for over seven years.

image.png915×652 57.9 KB

I've been using your tool for many years without any problems. My domain goes through GoDaddy. A few days ago my certificate expired. I'm simply trying to renew it.

Thank you for your help. I truly appreciate it.

Probably just from your own local network, assuming your computer with the browser is located on the same network as the server hosting the webserver.

From my point of view:

Although something might have changed recently in DNS, as I can see multiple Let's Encrypt certs in the past for your domain indeed.

Thank you so much for explaining the problem. I had the wrong IP address. It's up and running now.

image.png915×652 57.9 KB

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.