Hi everyone, I would like to ask for some help on how to get an SSL certificate using Certbot. Whenever I try to run sudo certbot --nginx, I keep getting “some challenges have failed”. Although I have read some threads with similar issues, I still don’t understand what to do, as there are some terminologies that I’m not yet familiar with, and this is actually the first time I’m going to use this on a web. If possible, can anyone guide me step by step on how to fix this? Your help would be greatly appreciated.
This is the output I produced:
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: helpdesk.dilc.info
Type: dns
Detail: no valid A records found for helpdesk.dilc.info; no valid AAAA records found for helpdesk.dilc.info
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
Some challenges have failed.
My domain is: helpdesk.dilc.info
I ran this command: certbot --nginx
My web server is (include version): Nginx 1.18.0
The operating system my web server runs on is (include version): Ubuntu 22.04.4
My hosting provider, if applicable, is: X
I can login to a root shell on my machine (yes or no, or I don't know): I don't know
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NO
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Certbot 2.10.0
Hello @ajaxx, welcome to the Let's Encrypt community.
ReservedAddress
FATAL
A private, inaccessible, IANA/IETF-reserved IP address was found for helpdesk.dilc.info. Let's Encrypt will always fail HTTP validation for any domain that is pointing to an address that is not routable on the internet. You should either remove this address and replace it with a public one or use the DNS validation method instead.
10.16.11.228
You are using a
Edit:
From the server's command line execute; those IP Addresses are the ones you want your public DNS to offer up as answers for DNS A Records (and possibly DNS AAAA Records if you have IPv6).
Hi @Bruce5051, thank you for the quick reply! I just confirmed it with our administrator, and I was really using the private one. When I try to run curl -4 ifconfig.me, the output was 202.92.129.228, which is the public one. I will try the installation again, to see if it will get fixed. Thank you
So, great, the IPv4 Address of 202.92.129.228 was added; however, Let’s Encrypt will still likely try the IPv4 Address of 10.16.11.228. Thus, please remove the DNS A Record containing the IPv4 Address of 10.16.11.228.
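An added example, not part of the thread: a pre-flight check that classifies each A/AAAA answer for a hostname before running certbot, flagging any address that is not routable on the internet even when a public record sits beside it. The function names are hypothetical, and the sample record set is constructed from the two addresses mentioned above.

```python
import ipaddress
import socket


def resolve(hostname):
    """A/AAAA answers from the local resolver (may differ from public DNS)."""
    infos = socket.getaddrinfo(hostname, 80, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def audit_records(addresses, server_public_ip=None):
    """Classify each DNS answer the way an HTTP-01 validator would see it."""
    expected = ipaddress.ip_address(server_public_ip) if server_public_ip else None
    findings = []
    for text in addresses:
        ip = ipaddress.ip_address(text)
        if not ip.is_global:
            # RFC 1918, loopback, link-local, ULA, etc.: unreachable from the CA.
            findings.append((text, "FATAL", "not routable on the internet"))
        elif expected and ip.version == expected.version and ip != expected:
            findings.append((text, "WARN", "public, but not this server's address"))
        else:
            findings.append((text, "OK", "publicly routable"))
    return findings


def ready_for_http01(addresses, server_public_ip=None):
    """True only if there is at least one record and every record is OK."""
    findings = audit_records(addresses, server_public_ip)
    return bool(findings) and all(level == "OK" for _, level, _ in findings)


if __name__ == "__main__":
    # Constructed input: the record set after the public A record was added
    # while the private one was still published.
    records = ["202.92.129.228", "10.16.11.228"]
    for address, level, reason in audit_records(records, "202.92.129.228"):
        print(f"{level:5} {address:16} {reason}")
    print("ready:", ready_for_http01(records, "202.92.129.228"))
```

Pass `resolve("your.domain")` as the address list to check live DNS; an internal resolver can return different answers than the public DNS the Certificate Authority queries.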