I am trying to get a certificate, to use on a Docker container.
When I run certbot it says that the IP is not valid (I can ping and it redirects to the container 10.0.75.2).
My domain is:
http://portal.cpm-dev.phpmick.co.uk/
I ran this command:
certbot --apache -d www.portal.cpm-dev.phpmick.co.uk -n --email nottherealone@yahoo.com --agree-tos
It produced this output:
Domain: portal.cpm-dev.phpmick.co.uk
Type: None
Detail: No valid IP addresses found for portal.cpm-dev.phpmick.co.uk
My web server is (include version):
Apache2
The operating system my web server runs on is (include version):
Debian 9.9
My hosting provider, if applicable, is:
n/a
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.28.0
Thanks,
Mick
Hi @ArtisanTinkerer
your configuration can't work. Checked via https://check-your-website.server-daten.de/?q=portal.cpm-dev.phpmick.co.uk
That's a private ip address, not a public, worldwide visible ip address:
Y portal.cpm-dev.phpmick.co.uk
10.0.75.2
Warning: Private ip address found. No connection possible. There are two types of ip addresses: Worldwide unique, global addresses and private addresses. If you want that other users connect your domain, your domain must have minimal one A- (ipv4) or AAAA- (ipv6) entry with a global ip address. Check Private network - Wikipedia to understand the details: 10.0.0.0 to 10.255.255.255: Class A - one private net with 16.777.216 adresses
So it's impossible that Letsencrypt checks your domain.
So can’t I just use DNS challenge?
_az
October 1, 2019, 10:20am
You could certainly use DNS challenge, since you have a registered domain and it is visible in public DNS.
For example, via GoDaddy API using something like https://github.com/Neilpang/acme.sh/wiki/dnsapi#4-use-godaddycom-domain-api-to-automatically-issue-cert
ArtisanTinkerer:
use DNS challenge
Your command has used the certbot --apache part.
That's http validation, not DNS validation.
Switch to DNS validation if you don't have a public ip address.
This is exactly what I am trying to do.
Now I am getting:
Detail: DNS problem: NXDOMAIN looking up TXT for*
This is my command:
certbot -d portal.cpm-dev.phpmick.co.uk --manual --preferred-challenges=dns --register-unsafely-without-email --server https://acme-v02.api.letsencrypt.org/directory --agree-tos --no-eff-email
The record I am adding looks like this:
TXT
Host: _acme-challenge
TXT Value 6x79l66NKqqM7i5t0AchangedsQwoikcvXsxShbyNRo
What am I doing wrong?
Mick
ArtisanTinkerer:
What am I doing wrong?
Looks like you use the wrong place - there is nothing visible. Not a correct, not a wrong entry.
12. TXT - Entries
| Domainname | TXT Entry | Status | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|
| cpm-dev.phpmick.co.uk | | ok | 1 | 0 |
| portal.cpm-dev.phpmick.co.uk | | ok | 1 | 0 |
| _acme-challenge.portal.cpm-dev.phpmick.co.uk | | Name Error - The domain name does not exist | 1 | 0 |
| _acme-challenge.portal.cpm-dev.phpmick.co.uk.cpm-dev.phpmick.co.uk | | Name Error - The domain name does not exist | 1 | 0 |
| _acme-challenge.portal.cpm-dev.phpmick.co.uk.portal.cpm-dev.phpmick.co.uk | | Name Error - The domain name does not exist | 1 | 0 |
GoDaddy - ns65.domaincontrol.com - is your name server.
If I add a TXT record for phpmick.co.uk then check with https://check-your-website.server-daten.de then I can see it.
It’s only when I want to add it for _acme-challenge.portal.cpm-dev (or _acme-challeng.cpm-dev ) that it’s not visible.
Mick
Yep, there - https://check-your-website.server-daten.de/?q=phpmick.co.uk#txt - is the correct entry:
_acme-challenge.phpmick.co.uk
6x79l66NKqqM7i5t0AcO9MK6xsQwoikcvXsxShbyNRo
looks good, correct length, correct characters
_acme-challenge.portal.cpm-dev should be the correct domain name, then phpmick.co.uk is added. Or has cpm-dev an own zone?
PS: No, it's the same zone.
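The naming rule from the reply above, as an added example that is not part of the original thread: it derives the Host value for a DNS-01 TXT record from the certificate name and the zone, and shows which name a given Host value actually publishes. The function names are hypothetical helpers, and the script assumes the DNS panel appends the zone name to whatever is typed in the Host field.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not part of certbot or any DNS provider's tooling.

# acme_record_fqdn DOMAIN -> full name the CA looks up for the DNS-01 TXT record.
# A wildcard name (*.example.com) is validated at _acme-challenge.example.com.
acme_record_fqdn() {
  local d="${1%.}"          # drop a trailing root dot
  d="${d#\*.}"              # drop a leading wildcard label
  printf '_acme-challenge.%s\n' "$(printf '%s' "$d" | tr 'A-Z' 'a-z')"
}

# acme_host_label DOMAIN ZONE -> value for the panel's Host field (relative to ZONE).
acme_host_label() {
  local fqdn zone
  fqdn="$(acme_record_fqdn "$1")"
  zone="$(printf '%s' "${2%.}" | tr 'A-Z' 'a-z')"
  case "$fqdn" in
    *".$zone") printf '%s\n' "${fqdn%."$zone"}" ;;
    *) echo "error: $1 is not inside zone $2" >&2; return 1 ;;
  esac
}

# published_name HOST ZONE -> name that really ends up in DNS (assumption: zone is appended).
published_name() {
  printf '%s.%s\n' "${1%.}" "${2%.}"
}

# txt_at_ns DOMAIN NAMESERVER -> ask the authoritative server directly (needs dig + network).
txt_at_ns() {
  dig +short TXT "$(acme_record_fqdn "$1")" "@$2"
}

# Usage: script.sh DOMAIN ZONE [NAMESERVER]
if [ "$#" -ge 2 ]; then
  echo "CA will query : $(acme_record_fqdn "$1")"
  echo "Host field    : $(acme_host_label "$1" "$2")"
  echo "Host '_acme-challenge' alone would publish: $(published_name _acme-challenge "$2")"
  if [ "$#" -ge 3 ]; then txt_at_ns "$1" "$3"; fi
fi
```

Running it with `portal.cpm-dev.phpmick.co.uk phpmick.co.uk ns65.domaincontrol.com` prints the Host value and then queries the name server named in the thread, so the record can be confirmed before continuing the certbot prompt.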