Query timed out looking up A but DNS looks good?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: wgvc.com

I ran this command:
sudo certbot certonly --apache

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.


1: dcscrabble.org
2: upload.harzxes.net
3: informatrix.international
4: tsh.letsplayscrabble.com
5: timeisthefireinwhichweburn.org
6: www.timeisthefireinwhichweburn.org
7: wgvc.com
8: bulk.wgvc.com
9: dcscrabbleclub.wgvc.com
10: lps.wgvc.com
11: media.wgvc.com
12: qr.wgvc.com
13: recipes.wgvc.com
14: test.wgvc.com
15: tsh.wgvc.com


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 4 10
Requesting a certificate for tsh.letsplayscrabble.com and lps.wgvc.com

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: lps.wgvc.com
Type: dns
Detail: DNS problem: query timed out looking up A for lps.wgvc.com; no valid AAAA records found for lps.wgvc.com

Domain: tsh.letsplayscrabble.com
Type: dns
Detail: DNS problem: query timed out looking up A for tsh.letsplayscrabble.com; no valid AAAA records found for tsh.letsplayscrabble.com

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version):
ubuntu@ip-172-30-6-115:~$ apache2 -v
Server version: Apache/2.4.58 (Ubuntu)
Server built: 2025-07-14T16:22:22

The operating system my web server runs on is (include version):
ubuntu@ip-172-30-6-115:~$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=24.04
DISTRIB_CODENAME=noble
DISTRIB_DESCRIPTION="Ubuntu 24.04.2 LTS"

My hosting provider, if applicable, is:
Minimal Ubuntu server image launched into AWS EC2 and enhanced as needed.

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
ubuntu@ip-172-30-6-115:~$ certbot --version
certbot 4.2.0

====

I've been running this instance (MediaWiki on apache2) with LE for going on a year (for personal use), as well as another for my employer, and LPS has been great; the multiple domains listed in the interaction above all have LE certs auto-renewing with no problem.

But I tried to add two new hostnames, lps.wgvc.com and tsh.letsplayscrabble.com, pointing to the same apache server dir on my site, and certbot keeps failing with the DNS errors. After looking at other instances of this problem I tried dnsviz.net and ... it looks like I can't attach the .svgs I downloaded because I'm new here? But anyone interested I guess can go there and see the reports. I'm new to that level of detail, but aside from one being 'insecure' and the other not answering over UDP they look fine, unless those are legit problems?

I created the two hostnames as aliases so I had one I could manipulate (lps.wgvc.com) while the 'canonical' site name (tsh.letsplayscrabble.com) was owned by the operator I'm setting up the service for. wgvc.com is under r4l.com and letsplayscrabble.com is on Squarespace, and they are both failing certbot's lookup.

You can go visit both of these sites and see that they're serving up data just fine except they have no certificates. So I'm stumped.

For an example of a view on the server (differentiated by hostname) that's working ok you are welcome to look at ... let's say ... recipes.wgvc.com.

Pretty sure I'm about to learn something, so bring it on and "Thanks in advance for any assistance you can provide."
--gvc


Hello @tox89789, welcome.

I find that the DNS is neither reliable nor fully compliant.
Here are a few online tool queries that are having trouble:


The Authoritative Name Server ns2.r4l.com seems to be failing.

$ nslookup -q=soa wgvc.com ns1.r4l.com
Server:         ns1.r4l.com
Address:        142.4.204.181#53

wgvc.com
        origin = ns1.r4l.com
        mail addr = support.register4less.com
        serial = 1754214040
        refresh = 3600
        retry = 1800
        expire = 604800
        minimum = 3600
$ nslookup -q=ns wgvc.com ns1.r4l.com
Server:         ns1.r4l.com
Address:        142.4.204.181#53

wgvc.com        nameserver = ns2.r4l.com.
$ nslookup -q=ns wgvc.com ns2.r4l.com.
;; communications error to 66.228.40.6#53: timed out
;; communications error to 66.228.40.6#53: timed out
;; communications error to 66.228.40.6#53: timed out
;; UDP setup with 2600:3c03::f03c:91ff:fe93:e369#53(2600:3c03::f03c:91ff:fe93:e369) for wgvc.com failed: network unreachable.
;; no servers could be reached
$ nslookup -q=ns wgvc.com ns1.r4l.com.
Server:         ns1.r4l.com.
Address:        142.4.204.181#53

wgvc.com        nameserver = ns2.r4l.com.
$ nslookup -q=a wgvc.com ns1.r4l.com.
Server:         ns1.r4l.com.
Address:        142.4.204.181#53

Name:   wgvc.com
Address: 142.4.204.181
$ nslookup -q=a wgvc.com ns2.r4l.com.
;; communications error to 66.228.40.6#53: timed out
;; communications error to 66.228.40.6#53: timed out
;; communications error to 66.228.40.6#53: timed out
;; UDP setup with 2600:3c03::f03c:91ff:fe93:e369#53(2600:3c03::f03c:91ff:fe93:e369) for wgvc.com failed: network unreachable.
;; no servers could be reached
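The manual nslookup session above asks each authoritative server for the zone directly and watches which one times out. Here is the same check as a script, added as an example and not part of the original thread: a stdlib-only Python program that sends a non-recursive A and AAAA query straight to every address of each name server you list and classifies the reply (answered authoritatively, lame, refused, timed out, unreachable). The script name, the `probe_ip`/`classify` helpers, the three-second timeout and the verdict labels are this example's own; only the hostnames in the usage line come from the thread.

```python
"""probe_ns.py: query each listed name server directly, non-recursively, and
report which ones actually answer for the name. Example code; not from the thread."""
import random
import socket
import struct
import sys

TYPE_A, TYPE_AAAA = 1, 28
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}
# Verdicts that mean "this server is reachable and speaks for the zone".
# Whether the record it returns is the one you want is a separate question.
HEALTHY = {"ok", "nodata", "NXDOMAIN"}


def build_query(name, qtype=TYPE_A, txid=None):
    """Wire-format DNS query with RD=0 (non-recursive): an authoritative server
    has to answer from its own zone data, so a non-answer is meaningful."""
    if txid is None:
        txid = random.randrange(0, 1 << 16)
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)  # flags=0 -> RD=0
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def parse_header(resp):
    """Decode the 12-byte DNS header into the fields the verdict depends on."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", resp[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),   # is this a response at all?
        "aa": bool(flags & 0x0400),   # does the server claim authority?
        "tc": bool(flags & 0x0200),
        "rcode": flags & 0x000F,
        "ancount": an,
        "nscount": ns,
    }


def classify(header, expected_id):
    """Turn a parsed header into the verdict a validating resolver would reach."""
    if header["id"] != expected_id or not header["qr"]:
        return "bogus"       # not a reply to our question
    if header["rcode"] != 0:
        return RCODES.get(header["rcode"], "RCODE%d" % header["rcode"])
    if not header["aa"]:
        return "lame"        # answered, but does not claim authority for the zone
    if header["ancount"] == 0:
        return "nodata"      # authoritative; name exists, but no record of that type
    return "ok"


def probe_ip(ip, name, qtype=TYPE_A, timeout=3.0):
    """Send one UDP query to a single server address and classify the outcome."""
    family = socket.AF_INET6 if ":" in ip else socket.AF_INET
    query = build_query(name, qtype)
    txid = struct.unpack("!H", query[:2])[0]
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (ip, 53))
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "timeout"             # the failure the certbot output above reports
        except OSError as exc:
            return "error: %s" % exc     # e.g. 'Network is unreachable' for v6 with no route
    if len(data) < 12:
        return "bogus"
    return classify(parse_header(data), txid)


def main(argv):
    if len(argv) < 3:
        print("usage: %s <name> <ns1> [<ns2> ...]" % argv[0])
        return 2
    name, servers = argv[1], argv[2:]
    unhealthy = 0
    for server in servers:
        try:
            ips = sorted({ai[4][0] for ai in socket.getaddrinfo(server, 53, type=socket.SOCK_DGRAM)})
        except socket.gaierror as exc:
            print("%-16s unresolvable (%s)" % (server, exc))
            unhealthy += 1
            continue
        for ip in ips:                   # probe every address, v4 and v6, separately
            for label, qtype in (("A", TYPE_A), ("AAAA", TYPE_AAAA)):
                verdict = probe_ip(ip, name, qtype)
                print("%-16s %-40s %-5s %s" % (server, ip, label, verdict))
                if verdict not in HEALTHY:
                    unhealthy += 1
    return 1 if unhealthy else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python3 probe_ns.py lps.wgvc.com ns1.r4l.com ns2.r4l.com` before running certbot: with the servers in the state shown above you would expect "ok" from ns1.r4l.com and "timeout" from ns2.r4l.com, and a non-zero exit status. A server that answers without the AA bit ("lame") is just as useless to a validator as one that times out, so do not stop at "it returned something".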

Also worth adding that your domain registrar does not have to be your DNS provider. I'm not going to say more in case you work for/own that provider, but it feels vintage.


The problem was of my own making. I think I fat-fingered my DNS config so it only pointed to the bad DNS server (ns2.r4l.com); in any case, once I restored that, everything is fine. I don't completely understand what happened, but I have too much else to work on.

I'll get with r4l about what the deal is with ns2. I have indexed the referenced DNS tools for future reference.

