No valid IP address found for certbot

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
grafana.jdstudy.xyz
I ran this command:
sudo certbot --nginx -d grafana.jdstudy.xyz
It produced this output:
2021-07-02 20:47:28,719:DEBUG:acme.client:Storing nonce: 0002VPEC5-GgiYYBnsWlmNddmrVIbylmihYxfLQcRTFhSbQ
2021-07-02 20:47:28,719:WARNING:certbot.auth_handler:Challenge failed for domain grafana.jdstudy.xyz
2021-07-02 20:47:28,720:WARNING:certbot.auth_handler:Challenge failed for domain www.grafana.jdstudy.xyz
2021-07-02 20:47:28,721:INFO:certbot.auth_handler:http-01 challenge for grafana.jdstudy.xyz
2021-07-02 20:47:28,722:INFO:certbot.auth_handler:http-01 challenge for www.grafana.jdstudy.xyz
2021-07-02 20:47:28,723:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: grafana.jdstudy.xyz
Type: dns
Detail: No valid IP addresses found for grafana.jdstudy.xyz

My web server is (include version):

The operating system my web server runs on is (include version):
Ubuntu 20.04
My hosting provider, if applicable, is:
Namecheap
I can login to a root shell on my machine (yes or no, or I don't know):
Ran the command as root

This is the closes thing I found

But how do I go about adding an ip address?

This is the output from check-your-website

Host Type IP-Address is auth. ∑ Queries ∑ Timeout
grafana.jdstudy.xyz A 192.168.1.47
No Hostname found yes 1 0
AAAA yes
www.grafana.jdstudy.xyz Name Error yes 1 0

Last but not least. This is running on a virtual ubuntu 20.04 on virtual box

1 Like

This is your problem--your domain is pointing to a private IP address. You need to update your DNS records to point to a public IP address.

2 Likes

Hi Hason, welcome to the Lets Encrypt Community forum.

In order for certbot to issue a certificate, your domain name needs to be reachable on the Internet. I see the IP address you list is from your own computer.

You acquired your domain from NameCheap and these are the nameservers shown.

Name Servers:
dns1.registrar-servers.com
dns2.registrar-servers.com

Oops! I see Dan just replied. As Dan indicates, you have to update your DNS records. Also check to make sure the nameservers are listed in your records. As it is right now, your domain is unreachable on the Internet.

https://check-your-website.server-daten.de/?q=jdstudy.xyz

2 Likes

Thanks for replying! But if I change it to a public IP, I wont be able to access my grafana server with the domain name nor the public IP. Is this the expected behavior? I can still access Grafana using local private IP address.

Thanks again!

1 Like

Yes.
If you expect to obtain a cert from LE via HTTP authentication, you will need to use a valid public IP.
Also, if you expect anyone to connect to it from the Internet (without a VPN), you will need to keep to a public IP.

How can you access the local system via the public IP?
There are several ways:

  1. use a router that supports hair pinning (uncommon)
  2. use split-DNS and maintain a zone with the private IP for that name (not for novice)
    [any internal systems that use that DNS will be directed to the local IP]
  3. override DNS replies for that name locally within each system that needs access to it (simplest)
    -- for Windows: Edit file %windir%\system32\drivers\etc\hosts
    -- for Linux: Edit file /etc/hosts
1 Like

That's probably due to lack of "NAT loopback" in your home NAT router. This might be a configurable thing which you might be able to enable, but chances are your router just doesn't support it.

Edit: Hmm, never knew that "hairpinning", as mentioned above, is a different name for "NAT loopback". Never too old to learn :smiley:

Also, @rg305 says it's uncommon, but in my experience it's quite common here in the Netherlands wiith certain brands of routers, but YMMV in other router ecospheres.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.