Not able to Generate SSL Certificates

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: datoromedia.com

I ran this command: sudo certbot certonly --agree-tos --email anil.harhu@gmail.com --webroot -w /var/lib/letsencrypt/ -d datoromedia.com -d www.datoromedia.com

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for datoromedia.com
http-01 challenge for www.datoromedia.com
Using the webroot path /var/lib/letsencrypt for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.datoromedia.com (http-01): urn:ietf:params:acme:error:dns :: No valid IP addresses found for www.datoromedia.com, datoromedia.com (http-01): urn:ietf:params:acme:error:dns :: No valid IP addresses found for datoromedia.com

IMPORTANT NOTES:

My web server is (include version):

The operating system my web server runs on is (include version):
Ubuntu
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

You have no ip address configured, configure an ip address in your dns panel (does “transip” mean anything to you?)

% dig datoromedia.com

; <<>> DiG 9.16.1-Ubuntu <<>> datoromedia.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9688
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;datoromedia.com.		IN	A

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: gio mag 07 11:08:50 CEST 2020
;; MSG SIZE  rcvd: 44

You should answer this question

It’s already configured, Can you help what wrong I’ve configured?

Hi @HarhuTech

looks like you are doing something wrong - see https://check-your-website.server-daten.de/?q=datoromedia.com

Host T IP-Address is auth. ∑ Queries ∑ Timeout
datoromedia.com A yes 2 0
AAAA yes
www.datoromedia.com C datoromedia.com yes 1 0

Your CNAME exists. But no A-record.

But the reason is simple:

:~$ dig A *.datoromedia.com.datoromedia.com.

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> A *.datoromedia.com.datoromedia.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 263
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;*.datoromedia.com.datoromedia.com. IN A

;; ANSWER SECTION:
*.datoromedia.com.datoromedia.com. 300 IN A 134.209.81.249

;; Query time: 99 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Thu May 07 12:46:10 CEST 2020
;; MSG SIZE rcvd: 78

Your main domain doesn’t have an A record. Instead, the subdomain

*.datoromedia.com.datoromedia.com.

has one.

Create an A record with @ as name and your ip address, then recheck your domain with the online tool to see, if your A-record is visible.

1 Like

Thanks for reply, I did that but still the certificates does not generated and having a same problem. does it take time to update?

What? There is no new online check of your domain.

1 Like

It works fine now. thanks a lot.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.