Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
grafana.jdstudy.xyz
I ran this command:
sudo certbot --nginx -d grafana.jdstudy.xyz
It produced this output:
2021-07-02 20:47:28,719:DEBUG:acme.client:Storing nonce: 0002VPEC5-GgiYYBnsWlmNddmrVIbylmihYxfLQcRTFhSbQ
2021-07-02 20:47:28,719:WARNING:certbot.auth_handler:Challenge failed for domain grafana.jdstudy.xyz
2021-07-02 20:47:28,720:WARNING:certbot.auth_handler:Challenge failed for domain www.grafana.jdstudy.xyz
2021-07-02 20:47:28,721:INFO:certbot.auth_handler:http-01 challenge for grafana.jdstudy.xyz
2021-07-02 20:47:28,722:INFO:certbot.auth_handler:http-01 challenge for www.grafana.jdstudy.xyz
2021-07-02 20:47:28,723:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:
Domain: grafana.jdstudy.xyz
Type: dns
Detail: No valid IP addresses found for grafana.jdstudy.xyz
My web server is (include version):
The operating system my web server runs on is (include version):
Ubuntu 20.04
My hosting provider, if applicable, is:
Namecheap
I can login to a root shell on my machine (yes or no, or I don't know):
Ran the command as root
This is the closes thing I found
But how do I go about adding an ip address?
This is the output from check-your-website
Host
Type
IP-Address
is auth.
∑ Queries
∑ Timeout
grafana.jdstudy.xyz
A
192.168.1.47
No Hostname found
yes
1
0
AAAA
yes
www.grafana.jdstudy.xyz
Name Error
yes
1
0
Last but not least. This is running on a virtual ubuntu 20.04 on virtual box
Hi Hason, welcome to the Lets Encrypt Community forum.
In order for certbot to issue a certificate, your domain name needs to be reachable on the Internet. I see the IP address you list is from your own computer.
You acquired your domain from NameCheap and these are the nameservers shown.
Oops! I see Dan just replied. As Dan indicates, you have to update your DNS records. Also check to make sure the nameservers are listed in your records. As it is right now, your domain is unreachable on the Internet.
Thanks for replying! But if I change it to a public IP, I wont be able to access my grafana server with the domain name nor the public IP. Is this the expected behavior? I can still access Grafana using local private IP address.
Yes.
If you expect to obtain a cert from LE via HTTP authentication, you will need to use a valid public IP.
Also, if you expect anyone to connect to it from the Internet (without a VPN), you will need to keep to a public IP.
How can you access the local system via the public IP?
There are several ways:
use a router that supports hair pinning (uncommon)
use split-DNS and maintain a zone with the private IP for that name (not for novice)
[any internal systems that use that DNS will be directed to the local IP]
override DNS replies for that name locally within each system that needs access to it (simplest)
-- for Windows: Edit file %windir%\system32\drivers\etc\hosts
-- for Linux: Edit file /etc/hosts
That's probably due to lack of "NAT loopback" in your home NAT router. This might be a configurable thing which you might be able to enable, but chances are your router just doesn't support it.
Edit: Hmm, never knew that "hairpinning", as mentioned above, is a different name for "NAT loopback". Never too old to learn
Also, @rg305 says it's uncommon, but in my experience it's quite common here in the Netherlands wiith certain brands of routers, but YMMV in other router ecospheres.
