I am trying to get a certificate, to use on a Docker container.
When I run certbot I get says that the IP is not valid (I can ping and it redirects to the container 10.0.75.2).

My domain is:
http://portal.cpm-dev.phpmick.co.uk/

I ran this command:
certbot --apache -d www.portal.cpm-dev.phpmick.co.uk -n --email nottherealone@yahoo.com --agree-tos

It produced this output:
Domain: portal.cpm-dev.phpmick.co.uk
Type: None
Detail: No valid IP addresses found for
portal.cpm-dev.phpmick.co.uk

My web server is (include version):
Apache2

The operating system my web server runs on is (include version):
Debian 9.9

My hosting provider, if applicable, is:
n/a

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

certbot 0.28.0

Thanks,

Mick

Hi @ArtisanTinkerer

your configuration can’t work. Checked via https://check-your-website.server-daten.de/?q=portal.cpm-dev.phpmick.co.uk

That’s a private ip address, not a public, worldwide visible ip address:

Y portal.cpm-dev.phpmick.co.uk

10.0.75.2
Warning: Private ip address found. No connection possible. There are two types of ip addresses: Worldwide unique, global addresses and private addresses. If you want that other users connect your domain, your domain must have minimal one A- (ipv4) or AAAA- (ipv6) entry with a global ip address. Check https://en.wikipedia.org/wiki/Private_network to understand the details: 10.0.0.0 to 10.255.255.255: Class A - one private net with 16.777.216 adresses

So it’s impossible that Letsencrypt checks your domain.

So can’t I just use DNS challenge?

You could certainly use DNS challenge, since you have a registered domain and it is visible in public DNS.

For example, via GoDaddy API using something like https://github.com/Neilpang/acme.sh/wiki/dnsapi#4-use-godaddycom-domain-api-to-automatically-issue-cert

Your command has used the certbot --apache part.

That’s http validation, not DNS validation.

Switch to DNS validation if you don’t have a public ip address.

This is exactly what I am trying to do.

Now I am getting:

 Detail: DNS problem: NXDOMAIN looking up TXT for*

This is my command:

certbot -d portal.cpm-dev.phpmick.co.uk --manual --preferred-challenges=dns --register-unsafely-without-email --server https://acme-v02.api.letsencrypt.org/directory  --agree-tos --no-eff-email```

The record I am adding looks like this:
TXT 
Host: _acme-challenge
TXT Value 6x79l66NKqqM7i5t0AchangedsQwoikcvXsxShbyNRo


What am I doing wrong?

Mick

Looks like you use the wrong place - there is nothing visible. Not a correct, not a wrong entry.

12. TXT - Entries

GoDaddy - ns65.domaincontrol.com - is your name server.

If I add a TXT record for phpmick.co.uk then check with https://check-your-website.server-daten.de then I can see it.

It’s only when I want to add it for _acme-challenge.portal.cpm-dev (or _acme-challeng.cpm-dev ) that it’s not visible.

Mick

Yep, there - https://check-your-website.server-daten.de/?q=phpmick.co.uk#txt - is the correct entry:

_acme-challenge.phpmick.co.uk
6x79l66NKqqM7i5t0AcO9MK6xsQwoikcvXsxShbyNRo
looks good, correct length, correct characters

_acme-challenge.portal.cpm-dev should be the correct domain name, then phpmick.co.uk is added. Or has cpm-dev an own zone?

PS: No, it’s the same zone.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.