RRSIGs Missing from ACME server

Hello All,

I've tried to set up my local raspberry server to obtain HTTPS certificates, but I was running into the issue detailed below. I've already checked the related DNS response using a tool suggested by different forums: cert-test.solova.com | DNSViz

For me it seems to be okay, just a warning. I can contact my DNS provider if needed, but I don't know what to ask exactly. The error message does not contain too much details. Could the warning be the problem? If not, then would you be able to suggest, please?

My domain is: cert-test.solova.com
I ran this command: certbot --nginx -d cert-test.solova.com
It produced this output:

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Domain: cert-test.solova.com
  Type:   dns
  Detail: DNS problem: looking up A for cert-test.solova.com: DNSSEC: RRSIGs Missing; no valid AAAA records found for cert-test.solova.com

Result URL: https://acme-v02.api.letsencrypt.org/acme/chall-v3/274469031556/nmYCwQ
My web server is (include version): nginx 1.18.0
The operating system my web server runs on is (include version): Raspbian (Linux 6.1.21-v8+ aarch64)
I can login to a root shell on my machine: yes
I'm using a control panel to manage my site: no
The version of my client is: certbot 2.7.1

Hi @lsolova, and welcome to the LE community forum :slight_smile:

You can't use an RFC 1918 IP address when authenticating via HTTP-01:

Name:    cert-test.solova.com
Address: 172.30.184.127

You could either:

  • switch to DNS-01 authentication
  • provide a routable IP address that can reach your "cert-test" system
5 Likes

Hi @rg305 ,

It was working with DNS-01 challenge. You are awesome. I had to read a bit more, because my DNS provider, Joker.com is not on the list of supported providers, but they have a certbot plugin for that.

Thank you so much for being quick and kind.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.