Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
It produced this output: No valid IP addresses found for lars-projects.com
My web server is (include version): Apache
The operating system my web server runs on is (include version): Ubuntu Server LTS
My hosting provider, if applicable, is: Homeserver
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.15.0
Hi Letsencrypt community,
i have a homeserver with Ubuntu Server LTS and the Apache Webserver running without any problems. As my ISP doesnt give me a static IP i need to use a Dynamic DNS Service (https://ddnss.de/). I am currently using a CNAME record on my main domain (lars-projects.com) to connect it to the domain i have got from the DNS Service (lj-server.ddnss.de). When i am trying to create the certificate with the command above the error "No valid IP addresses found for lars-projects.com" occurs. Any ideas why this is happening?
$ host lars-projects.com
lars-projects.com. is an alias for lj-server.ddnss.de.
lj-server.ddnss.de. has IPv4 address 100.93.20.181
That IP is in the Carrier NAT (RFC 6598) private IP space (100.64.0.0/10). That is, the IP is only routable within your ISP's network, and not the Internet at large.
If the site is only supposed to be accessible to those on the same network, then you need to use the DNS-01 challenge instead.
If the site is supposed to be accessible to everyone on the Internet, then you need to have a public IP (either IPv4, IPv6, or both) for it instead.
You'd have to get a public IP from your Internet provider. They probably issue those internal IPs to their customers because they're short on public IPv4 addresses. You'll need to contact them to see if they can get you a public IP instead, but they may want you to upgrade to a more expensive type of service (like getting a business-type plan) in order to get it.
For most people, hosting a server at a hosting service (nowadays popularly called a "cloud service" for some reason) is a lot easier than trying to host one on a residential Internet connection. Depending on electricity rates in your area, it may even be cheaper (I know it is cheaper for me, for instance).
Thank you very much! That explains a lot. I am going to try contacting my internet provider and see what i can get for free...as the project runs on a Raspberry Pi and is more of a learning experience I won't bother upgrading to a business plan. Thanks again.
Please notice that due to the CG-NAT mentioned earlier, it's not just Let's Encrypt being unable to validate your hostname, but also no-one else from the internet can connect to your webserver.