No valid IP addresses found for mail.techthat.tk

My domain is: techthat.tk

I ran this command: sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email tommasocaricato@techthat.tk -d mail.techthat.tk

It produced this output: Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mail.techthat.tk
Enabled Apache rewrite module
Waiting for verification…
Challenge failed for domain mail.techthat.tk
http-01 challenge for mail.techthat.tk
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: mail.techthat.tk
    Type: dns
    Detail: No valid IP addresses found for mail.techthat.tk

My web server is (include version): Apache/2.4.41 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 20.04.01

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site: no

The version of my client is : certbot 0.40.0

1 Like

That hostname resolves to a private IP address: 192.168.1.54. Let’s Encrypt can’t connect to private IP addresses for obvious reasons, so it can’t verify the authentication token.

If you really require this hostname to point to a private IP address, there is the possibility to validate the hostname through the dns-01 challenge. This requires adding (and after validation removing) a TXT record to the DNS zone. This can be done manually (not recommended), automated through (custom) scripts or by using one of the DNS plugins. Other ACME clients such as acme.sh can have even more DNS plugins available.

1 Like