No valid IP addresses found for apollo.dvanderpol.nl

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: apollo.dvanderpol.nl

I ran this command: sudo certbot certonly --dry-run --apache -v -d apollo.dvanderpol.nl

It produced this output:

Root logging level set at 10
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requested authenticator apache and installer apache
Apache version is 2.4.46
Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_arch.ArchConfigurator object at 0x7f7ac7479130>
Prep: True
Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_arch.ArchConfigurator object at 0x7f7ac7479130>
Prep: True
Selected authenticator <certbot_apache._internal.override_arch.ArchConfigurator object at 0x7f7ac7479130> and installer <certbot_apache._internal.override_arch.ArchConfigurator object at 0x7f7ac7479130>
Plugins selected: Authenticator apache, Installer apache
Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-staging-v02.api.letsencrypt.org/acme/acct/15396230', new_authzr_uri=None, terms_of_service=None), 6b4d6045e88e3e9c3b59c0d25588a3a9, Meta(creation_dt=datetime.datetime(2020, 8, 30, 13, 56, 43, tzinfo=), creation_host='apollo', register_to_eff=None))>
Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org:443
https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 724
Received response:
HTTP 200
Server: nginx
Date: Tue, 17 Nov 2020 18:57:39 GMT
Content-Type: application/json
Content-Length: 724
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"DYnVY4kpiYQ": "Adding random entries to the directory",
"keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org/docs/staging-environment/"
},
"newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}
Obtaining a new certificate
Requesting fresh nonce
Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
https://acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
Received response:
HTTP 200
Server: nginx
Date: Tue, 17 Nov 2020 18:57:39 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0004YIVmgUQNYaE_FeskA6TwPUmlOxNbu-Cv1I7xzKLvwq4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

Storing nonce: 0004YIVmgUQNYaE_FeskA6TwPUmlOxNbu-Cv1I7xzKLvwq4
JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "apollo.dvanderpol.nl"\n }\n ]\n}'
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNTM5NjIzMCIsICJub25jZSI6ICIwMDA0WUlWbWdVUU5ZYUVfRmVza0E2VHdQVW1sT3hOYnUtQ3YxSTd4ektMdndxNCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
"signature": "ItMSwEzUQBXf6_kW4vCecFj70RRxGfL40d_1ZBydDsGsfX6fOr4wHPNPXVN5GoBR2kzHpeDabDi0274wQ8Ym4erjAWayth6A4_atNWuEx4C2f74axyOI3oOiHSPvEWa3C5VPiCY0CmKzlf22P8xmCt6otSZWBg3zjGCalaDo9om0TMrejoPCpBAon0LWIbQTYJilniXg0xPsqbZ5j2I0x_547_Px62nx0eM0A9wz1COjEsuGYEJkzs6cY_8v-3W2sVJBhvKn577u4v6vVsLlzdovA25QbtEEtLn5MRw_zcFepFSlzWE9x4egi9h9fADcstWoRtDumF5nCF-P0slvDA",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImFwb2xsby5kdmFuZGVycG9sLm5sIgogICAgfQogIF0KfQ"
}
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 364
Received response:
HTTP 201
Server: nginx
Date: Tue, 17 Nov 2020 18:57:39 GMT
Content-Type: application/json
Content-Length: 364
Connection: keep-alive
Boulder-Requester: 15396230
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/15396230/186257405
Replay-Nonce: 0004LoOkV1rH4BIObNSc45TZTvaQ3VfUGAViDO07Ro5OqG8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"status": "pending",
"expires": "2020-11-24T18:57:39.980500673Z",
"identifiers": [
{
"type": "dns",
"value": "apollo.dvanderpol.nl"
}
],
"authorizations": [
"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/156476404"
],
"finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/15396230/186257405"
}
Storing nonce: 0004LoOkV1rH4BIObNSc45TZTvaQ3VfUGAViDO07Ro5OqG8
JWS payload:
b''
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/156476404:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNTM5NjIzMCIsICJub25jZSI6ICIwMDA0TG9Pa1Yxckg0QklPYk5TYzQ1VFpUdmFRM1ZmVUdBVmlETzA3Um81T3FHOCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xNTY0NzY0MDQifQ",
"signature": "H7JH-n0CIkJncMcoFE-Zt_5daFGHwhOFi46K9HXu54cJ9nyA-gfkOoubqe8GWOJLeyUUgsw9g8-F9buGIsTVhXk1GF1dto3M-MTcXHpfCk39vMgCz8w8wu9UWhrtKATT4u6tLai_JZ-zGT06_jcrRhZaFWnNufjlQRACxnAACyJ-ugbfDgENpvnFFuMQI00VD8gecwoUuIlw7OMF7Rkv8_Q7AR_aEbYR_d-6810QzMML1VZcIw8-dmIkmEgPLOGKKRFhd9WRXVdFrJ65Wf8lpCHlnPlEcuqL5gYNxQ7E2LpQNdutMUbBcavsdxTZlKuA4muWJGatN1wsewIbthILCg",
"payload": ""
}
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/156476404 HTTP/1.1" 200 819
Received response:
HTTP 200
Server: nginx
Date: Tue, 17 Nov 2020 18:57:40 GMT
Content-Type: application/json
Content-Length: 819
Connection: keep-alive
Boulder-Requester: 15396230
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 00047fTwVk90Amv2ByZiyMHBYxXo3qtzgaFcvE4ciEzNkAA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "apollo.dvanderpol.nl"
},
"status": "pending",
"expires": "2020-11-24T18:57:39Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/156476404/PLIwPg",
"token": "_TM9ZM0Ot849w5Qw_1hYbGD-OcE8eB0g0WyqCFwLzww"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/156476404/1PTkwQ",
"token": "_TM9ZM0Ot849w5Qw_1hYbGD-OcE8eB0g0WyqCFwLzww"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/156476404/nNqvvw",
"token": "_TM9ZM0Ot849w5Qw_1hYbGD-OcE8eB0g0WyqCFwLzww"
}
]
}
Storing nonce: 00047fTwVk90Amv2ByZiyMHBYxXo3qtzgaFcvE4ciEzNkAA
Performing the following challenges:
http-01 challenge for apollo.dvanderpol.nl
Adding a temporary challenge validation Include for name: None in: /etc/httpd/conf/httpd.conf
writing a pre config file with text:
RewriteEngine on
RewriteRule ^/.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ /var/lib/letsencrypt/http_challenges/$1 [END]

writing a post config file with text:
<Directory /var/lib/letsencrypt/http_challenges>
Require all granted
</Directory>
<Location /.well-known/acme-challenge>
Require all granted
</Location>

Creating backup of /etc/httpd/conf/httpd.conf
Waiting for verification...
JWS payload:
b'{}'
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/156476404/PLIwPg:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNTM5NjIzMCIsICJub25jZSI6ICIwMDA0N2ZUd1ZrOTBBbXYyQnlaaXlNSEJZeFhvM3F0emdhRmN2RTRjaUV6TmtBQSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8xNTY0NzY0MDQvUExJd1BnIn0",
"signature": "oe0ergrNyz-8WQ36SYPaPSI3HgnvvtH_YiN2svu1kkNw6sJIt_sQuWVlqtB3d3-SS5jzL1h1cAWraaQz3jLat15OsoZaFH26hBZ-uV5MyN4qJZIIxXm6oh3VZ644NB_xckKPhWBnf_jICOus_qfLj9Pi2ganjb3gNPkd0pUrJ5l1K3Wpazpcjw0TUQrsKmZsTF-a-ZXLqBuGXwcvKSkgkZIfqi2R1f11rqDv5Plmsw6vq3yUXoTdNkB3zPkS7vwNyHyk9iEndszqkK40YSeDSkv6HULUPvaJboEzBdi0CjsiupYEJTOFy9GLMrj2C5DHwnKsPjdP8Ees0B4VlEFbYA",
"payload": "e30"
}
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/156476404/PLIwPg HTTP/1.1" 200 192
Received response:
HTTP 200
Server: nginx
Date: Tue, 17 Nov 2020 18:57:43 GMT
Content-Type: application/json
Content-Length: 192
Connection: keep-alive
Boulder-Requester: 15396230
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index", https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/156476404;rel="up"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/156476404/PLIwPg
Replay-Nonce: 0004qwgqXfKYhM2jyTmD7RURSUzcXtj2y44JLhHy9LG61tM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/156476404/PLIwPg",
"token": "_TM9ZM0Ot849w5Qw_1hYbGD-OcE8eB0g0WyqCFwLzww"
}
Storing nonce: 0004qwgqXfKYhM2jyTmD7RURSUzcXtj2y44JLhHy9LG61tM
JWS payload:
b''
Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/156476404:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNTM5NjIzMCIsICJub25jZSI6ICIwMDA0cXdncVhmS1loTTJqeVRtRDdSVVJTVXpjWHRqMnk0NEpMaEh5OUxHNjF0TSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xNTY0NzY0MDQifQ",
"signature": "cuNE8dKaIIR2IkHHkRSibUWcXT5Jy3WKmUL8i87j3OvBNLxzv0uy5XI0LKyTSdkPHsXcXVHehXYue-8iRtf6miyiQD70SToh59ytoSAGsA4oXjRvUK286-FL7INrjTi1reTk-gZk9qN25pKxT8MaidBupuumGpbKNGUc9DXBQ4qfgozzpOB5WPu4seMVaoaOb1np0qtuKh6FgA2bIJ1Hnj4RT7BvguqzX94Fjo6qC4-OodjiAeK5XBGYMs03w-9m05Ujp-pt3Zfcg3ZcrmLE03ihsMaZQXBk7-MQfgax5C4p_RLTb6kItAv047C81_JphTsiQqwJG7p7XG3KEilhgw",
"payload": ""
}
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/156476404 HTTP/1.1" 200 552
Received response:
HTTP 200
Server: nginx
Date: Tue, 17 Nov 2020 18:57:44 GMT
Content-Type: application/json
Content-Length: 552
Connection: keep-alive
Boulder-Requester: 15396230
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0003Im_Du1w8gm8-lBwkeGXQ1wsYoEQXQp0-C8z04Jy7ED4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "apollo.dvanderpol.nl"
},
"status": "invalid",
"expires": "2020-11-24T18:57:39Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:dns",
"detail": "No valid IP addresses found for apollo.dvanderpol.nl",
"status": 400
},
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/156476404/PLIwPg",
"token": "_TM9ZM0Ot849w5Qw_1hYbGD-OcE8eB0g0WyqCFwLzww"
}
]
}
Storing nonce: 0003Im_Du1w8gm8-lBwkeGXQ1wsYoEQXQp0-C8z04Jy7ED4
Challenge failed for domain apollo.dvanderpol.nl
http-01 challenge for apollo.dvanderpol.nl
Reporting to user: The following errors were reported by the server:

Domain: apollo.dvanderpol.nl
Type: dns
Detail: No valid IP addresses found for apollo.dvanderpol.nl
Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

Calling registered functions
Cleaning up challenges
Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 33, in <module>
sys.exit(load_entry_point('certbot==1.9.0', 'console_scripts', 'certbot')())
File "/usr/lib/python3.8/site-packages/certbot/main.py", line 15, in main
return internal_main.main(cli_args)
File "/usr/lib/python3.8/site-packages/certbot/_internal/main.py", line 1362, in main
return config.func(config, plugins)
File "/usr/lib/python3.8/site-packages/certbot/_internal/main.py", line 1243, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/usr/lib/python3.8/site-packages/certbot/_internal/main.py", line 122, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/usr/lib/python3.8/site-packages/certbot/_internal/client.py", line 418, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/usr/lib/python3.8/site-packages/certbot/_internal/client.py", line 351, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3.8/site-packages/certbot/_internal/client.py", line 398, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/usr/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: apollo.dvanderpol.nl
    Type: dns
    Detail: No valid IP addresses found for apollo.dvanderpol.nl

My web server is (include version): apache 2.4.46

The operating system my web server runs on is (include version): Manjaro 20.2

My hosting provider, if applicable, is: own server

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.9.0

Thanks!

1 Like

The IP listed in DNS for that name is in the 100.64.0.0/10 block, which is non-routable Carrier-Grade NAT space. That is, the IP is only routable within your ISP, and not on the Internet at large. You need a publicly routable IP (v4 or v6) address to use HTTP-01 authentication for getting a certificate.

Your options are either 1) getting a public IP, or 2) if it's not a server intended for use on the Internet at large (just accessible internally from your network) switching to DNS authentication. (You can use DNS authentication either way; I actually find it easier but most people don't. But you need a public IP if you want the public to be able to visit the web site regardless.)

4 Likes
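A pre-flight check along the lines of the answer above, as an added example that is not part of the original thread and not certbot's or the CA's own code: it classifies the A/AAAA values published for a name and reports which ones cannot be reached from the public Internet, so a record in 100.64.0.0/10 is caught before an HTTP-01 attempt. The function names, the range table and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import socket

# Ranges that commonly end up in public DNS by mistake, with a readable reason.
NON_PUBLIC = [
    ("100.64.0.0/10", "carrier-grade NAT shared space (RFC 6598)"),
    ("10.0.0.0/8", "private (RFC 1918)"),
    ("172.16.0.0/12", "private (RFC 1918)"),
    ("192.168.0.0/16", "private (RFC 1918)"),
    ("127.0.0.0/8", "loopback"),
    ("169.254.0.0/16", "link-local"),
    ("::1/128", "loopback"),
    ("fc00::/7", "unique local (RFC 4193)"),
    ("fe80::/10", "link-local"),
]
NETS = [(ipaddress.ip_network(n), why) for n, why in NON_PUBLIC]

def why_not_public(addr):
    """Return None if addr is publicly routable, else the reason it is not."""
    ip = ipaddress.ip_address(addr)
    for net, why in NETS:
        if ip.version == net.version and ip in net:
            return why
    # Catch-all for other reserved space (documentation ranges, multicast, ...).
    return None if ip.is_global else "reserved / not globally routable"

def http01_preflight(addresses):
    """Split A/AAAA record values into (usable, rejected) for HTTP-01."""
    usable, rejected = [], {}
    for addr in addresses:
        reason = why_not_public(addr)
        if reason is None:
            usable.append(addr)
        else:
            rejected[addr] = reason
    return usable, rejected

def resolve(hostname):
    """Look up the A/AAAA records of hostname with the system resolver."""
    infos = socket.getaddrinfo(hostname, 80, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

if __name__ == "__main__":
    # Constructed sample records; swap in resolve("your.host.name") for a live check.
    sample = ["100.64.0.10", "192.168.1.20", "1.1.1.1", "2606:4700:4700::1111"]
    usable, rejected = http01_preflight(sample)
    for addr, reason in rejected.items():
        print(f"{addr}: {reason}")
    print("usable for HTTP-01:", usable or "none")
```

The system resolver can answer differently from public DNS (hosts file, split-horizon zones), so for a live check compare against what a public resolver returns for the name.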

Thanks for the information, I did not know that.

2 Likes

To be perfectly clear:

Read alone can easily be taken out of context (from the preceding paragraph).
and therefore should be:
"Your HTTP authentication options are ..."
As you mentioned there is also DNS auth.
But there is also TLS-ALPN auth (which for some reason continues to get very little traction).
[I use it with `nginx` and do so without any problems]

READERS: Get involved and participate: If you read something you like, then click to like it :heart:

1 Like