"Some challenges have failed" when run "certbot certonly --standalone -d XXXX" and "certbot certonly --standalone -d XXX --debug-challenges -v"

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: Debian 12.4

I ran this command: certbot certonly --standalone -d kumoun.top --debug-challenges -v

It produced this output: sudo certbot certonly --standalone -d kumoun.top --debug-challenges -v
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Certificate is due for renewal, auto-renewing...
Renewing an existing certificate for kumoun.top
Performing the following challenges:
http-01 challenge for kumoun.top

Challenges loaded. Press continue to submit to CA.

The following URLs should be accessible from the internet and return the value
mentioned:

URL:
http://kumoun.top/.well-known/acme-challenge/1dTICfIm5B6tcY5_T9VUXfZoDeHVMY19oCx6pfXmjkw
Expected value:
1dTICfIm5B6tcY5_T9VUXfZoDeHVMY19oCx6pfXmjkw.pK-vJ7xN8W55iIcPLwXfS-UGMl8c8zVD-yVBrZUbehA

Press Enter to Continue
#########################################################
then i visited "http://kumoun.top/.well-known/acme-challenge/1dTICfIm5B6tcY5_T9VUXfZoDeHVMY19oCx6pfXmjkw" and this page showed string "1dTICfIm5B6tcY5_T9VUXfZoDeHVMY19oCx6pfXmjkw.pK-vJ7xN8W55iIcPLwXfS-UGMl8c8zVD-yVBrZUbehA"
#########################################################
Press Enter to Continue
Waiting for verification...
Challenge failed for domain kumoun.top
http-01 challenge for kumoun.top

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: kumoun.top
Type: dns
Detail: DNS problem: looking up A for kumoun.top: DNSSEC: DNSKEY Missing; DNS problem: looking up AAAA for kumoun.top: DNSSEC: DNSKEY Missing

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): none web server yet

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: namesino

I can login to a root shell on my machine (yes or no, or I don't know):Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):certbot 2.1.0

There is an ongoing issue with the .top TLD currently. See https://letsencrypt.status.io/.

There are also a few threads about this issue on the Community already. The most relevant is probably DNS problem: looking up A for xxx.domain.top: DNSSEC: DNSKEY Missing; no valid AAAA records found for xxx.domain.top - #31 by mcpherrinm where the Let's Encrypt staff provides updates.

Please don't post "I'm having this issue too!" in those thread(s) as it doesn't really help: the issue is known already and I'm pretty certain everybody using the .top has issues.

thank you, sir.

Thanks for answer. I bought my first .top domain and got this error(

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.