No valid IP addresses found for

My domain is:

I ran this command:
sudo certbot --apache

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

	Which names would you like to activate HTTPS for?
	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
	Select the appropriate numbers separated by commas and/or spaces, or leave input
	blank to select all options shown (Enter 'c' to cancel): 
	Obtaining a new certificate
	Performing the following challenges:
	http-01 challenge for
	http-01 challenge for
	Enabled Apache rewrite module
	Waiting for verification...
	Challenge failed for domain
	Challenge failed for domain
	http-01 challenge for
	http-01 challenge for
	Cleaning up challenges
	Some challenges have failed.

	 - The following errors were reported by the server:

	   Type:   dns
	   Detail: No valid IP addresses found for

	   Type:   dns
	   Detail: No valid IP addresses found for

My DNS records:
	Type	Name					Value									TTL
	A								1 Hour
	A								1 Hour
	CNAME	_domainconnect			1 Hour
	NS		@						1 Hour	
	NS		@						1 Hour	
	SOA	@						Primary nameserver:	1 Hour	
	CNAME	www					@										1 Hour
	A		@								1 Hour

My web server is (include version):
Server version: Apache/2.4.41 (Ubuntu)
Server built: 2020-08-12T19:46:17

The operating system my web server runs on is (include version):
Ubuntu 20.04.2 LTS

My hosting provider, if applicable, is:
I am running the website on a Raspberry Pi, model 4.
Local IP address:
The website is accessible through port forwarding on my router.
Internet IP address:

I can login to a root shell on my machine (yes or no, or I don’t know):
ssh ubuntu@

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
I us only to manage my DNS records

This is a CGNAT address: Carrier-grade NAT - Wikipedia.

It means that your ISP does not give you a real IPv4 address. Instead, they have you share a pool of IP addresses with your fellow ISP customers.

Unfortunately this means you cannot effectively host a web server, because nobody outside your local network can connect to it.

If you want a certificate anyway, you might be able to get one using DNS validation. Since you use GoDaddy, you could use this method.


Hello @protteveel,

Based on your IP, I'm afraid you are using CGNAT so it is not possible to access your site from internet.

If you want a certificate you could use the dns challenge instead of http challenge.


1 Like

Thanks for your reply, @sahsanu.
Can you explain how to use an http challenge instead, please?

1 Like

I suppose you mean dns challenge.@_az already posted a link with info to use a dns plugin with GoDaddy but you should use client instead of certbot.


Thank you both @_az and @sahsanu this is very helpful! :+1: because now I have a cert! :partying_face:

I was following the instructions How To Secure Apache with Let's Encrypt on Ubuntu 20.04.

But since my setup will not work with CGNAT and I have the cert now, can you maybe point me to the instructions on how to install it on Apache 2 for Ubuntu 20 LTS, please?

1 Like

Within the same ISP... it maybe possible to remain unique and accessible.
However, LE is definitely outside that network and won't be able to validate it via HTTP from multiple global locations.

Do you mean that you have now obtained a certificate with and would like to configure Apache to use it?

You'll have to configure Apache manually to do that, by creating an HTTPS virtualhost.

A good place to start is these two resources:

I think approximately you'll want to do something like: --install-cert -d \
--fullchain-file /etc/apache2/cyberrabbit.crt  \
--key-file       /etc/apache2/cyberrabbit.key  \
--reloadcmd     "service apache2 reload"

then update your Apache configuration like so:

# intermediate configuration
SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder     off
SSLSessionTickets       off

SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"

<VirtualHost *:443>

    # DocumentRoot /var/www/html/ (or wherever your site is)
    SSLEngine on
    SSLCertificateFile /etc/apache2/cyberrabbit.crt
    SSLCertificateKeyFile /etc/apache2/cyberrabbit.key
    Protocols h2 http/1.1

    # Then the rest of your website configuration goes here ...

then reload Apache:

service apache2 reload

Untested instructions but they're the approximate outline of how to use your certificate with Apache on Ubuntu.


Thanks, @_az; the website is now accessible through a secure connection:

curl -Iki
curl: (6) Could not resolve host:


Unfortunately, not for people outside of your own ISP, because of the CGNAT issue that was mentioned in the beginning of the thread. :frowning:


Thanks for letting me know, @schoen; much appreciated.

I am waiting for my ISP to get me a static IP address.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.