No valid IP addresses found for

I am trying to get a certificate, to use on a Docker container.
When I run certbot I get says that the IP is not valid (I can ping and it redirects to the container

My domain is:

I ran this command:
certbot --apache -d -n --email --agree-tos

It produced this output:
Type: None
Detail: No valid IP addresses found for

My web server is (include version):

The operating system my web server runs on is (include version):
Debian 9.9

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

certbot 0.28.0



Hi @ArtisanTinkerer

your configuration can’t work. Checked via

Host T IP-Address is auth. ∑ Queries ∑ Timeout A
No Hostname found yes 1 0
AAAA yes A
No Hostname found yes 1 0
AAAA yes

That’s a private ip address, not a public, worldwide visible ip address:

Warning: Private ip address found. No connection possible. There are two types of ip addresses: Worldwide unique, global addresses and private addresses. If you want that other users connect your domain, your domain must have minimal one A- (ipv4) or AAAA- (ipv6) entry with a global ip address. Check to understand the details: to Class A - one private net with 16.777.216 adresses

So it’s impossible that Letsencrypt checks your domain.

1 Like

So can’t I just use DNS challenge?

You could certainly use DNS challenge, since you have a registered domain and it is visible in public DNS.

For example, via GoDaddy API using something like

Your command has used the certbot --apache part.

That’s http validation, not DNS validation.

Switch to DNS validation if you don’t have a public ip address.

This is exactly what I am trying to do.

Now I am getting:

 Detail: DNS problem: NXDOMAIN looking up TXT for*

This is my command:

certbot -d --manual --preferred-challenges=dns --register-unsafely-without-email --server  --agree-tos --no-eff-email```

The record I am adding looks like this:
Host: _acme-challenge
TXT Value 6x79l66NKqqM7i5t0AchangedsQwoikcvXsxShbyNRo

What am I doing wrong?


Looks like you use the wrong place - there is nothing visible. Not a correct, not a wrong entry.

12. TXT - Entries

Domainname TXT Entry Status ∑ Queries ∑ Timeout ok 1 0 ok 1 0 Name Error - The domain name does not exist 1 0 Name Error - The domain name does not exist 1 0 Name Error - The domain name does not exist 1 0

GoDaddy - - is your name server.

If I add a TXT record for then check with then I can see it.

It’s only when I want to add it for _acme-challenge.portal.cpm-dev (or _acme-challeng.cpm-dev ) that it’s not visible.


Yep, there - - is the correct entry:
looks good, correct length, correct characters

_acme-challenge.portal.cpm-dev should be the correct domain name, then is added. Or has cpm-dev an own zone?

PS: No, it’s the same zone.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.