Sudo certbot --nginx errors


#1

Hi:
1: When I execute the command “sudo certbot --nginx”, the error “Failed authorization procedure. irisnet.org (tls-sni-01): urn:acme:error:unknownHost :: The server could not resolve a domain name :: No valid IP addresses found for irisnet.org” appears. The “irisnet.org” server starts at localhost; I use the nginx “proxy_pass” and modify the file “/etc/hosts”. Why?
2: Because the error appears, I executed “sudo certbot --nginx” many times. Finally, another error appears: “There were too many requests of a given type :: Error creating new authz :: Too many failed authorizations recently”. Why?

Thanks very much


#2

It looks as if the DNS is not set up correctly for your domain. From a quick check, your primary servers do not provide an IP address for your domain.


#3

But when I open the URL “irisnet.org” in the browser, it looks OK.


#4

I am also seeing no IP address returned from the nameservers and it doesn’t work in a browser for me. Is it possible that this name is defined on an internal private network only or something?


#5

In your browser, relying on settings in your /etc/hosts file?

You need to create public DNS records so that Let’s Encrypt – and everyone else – can access your site from the Internet.
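An added example, not part of the thread or of Certbot: a pre-flight check for the failure discussed above, where a name resolves locally through /etc/hosts but has no public A or AAAA record, so the CA cannot resolve it and repeated attempts only accumulate failed authorizations. The function names, the result labels and the resolver address 8.8.8.8 are assumptions of this example.

```python
import socket
import struct

def hosts_overrides(hosts_text, name):
    """IPs that an /etc/hosts-style text maps to `name` (comments ignored)."""
    rows = (l.split("#", 1)[0].lower().split() for l in hosts_text.splitlines())
    return [r[0] for r in rows if name.lower() in r[1:]]

def build_query(name, qtype, txid=0x1234):
    """Encode one DNS question (qtype 1 = A, 28 = AAAA), recursion desired."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!2H", qtype, 1)

def skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) DNS name."""
    while msg[pos] and msg[pos] & 0xC0 != 0xC0:
        pos += 1 + msg[pos]
    return pos + (2 if msg[pos] else 1)      # 2-byte pointer or 1-byte root label

def addresses(msg, qtype):
    """Address records of type `qtype` in the answer section of `msg`."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!6H", msg[:12])
    if flags & 0x000F:                       # non-zero RCODE, e.g. NXDOMAIN
        return []
    pos = 12
    for _ in range(qdcount):
        pos = skip_name(msg, pos) + 4        # skip QTYPE and QCLASS
    found = []
    for _ in range(ancount):
        pos = skip_name(msg, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        if rtype == qtype:                   # CNAMEs and other types are skipped
            family = socket.AF_INET if qtype == 1 else socket.AF_INET6
            found.append(socket.inet_ntop(family, msg[pos + 10:pos + 10 + rdlen]))
        pos += 10 + rdlen
    return found

def public_lookup(name, qtype, resolver="8.8.8.8"):
    """Ask a public resolver over UDP, bypassing /etc/hosts (diagnostic only)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(3)
        s.sendto(build_query(name, qtype), (resolver, 53))
        return addresses(s.recv(4096), qtype)

def preflight(name, hosts_text, lookup=public_lookup):
    """'ok' if public DNS returns an address; otherwise say why it does not."""
    if lookup(name, 1) or lookup(name, 28):
        return "ok"
    return "hosts-only" if hosts_overrides(hosts_text, name) else "unresolvable"
```

Calling `preflight("irisnet.org", open("/etc/hosts").read())` before running certbot returns `"hosts-only"` in the situation from post #1, which means an HTTP or TLS challenge cannot succeed until public records exist.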


#6

So, I got it, thanks a lot.


#7

Yes, this is my private network; it serves at localhost…


#8

If you want a certificate for a private network or localhost service, you can use a self-signed certificate—you can make one with openssl or for example the generator at

Then you can add it in your own browser and the browser will accept it from then on.

A certificate authority like Let’s Encrypt is trusted by browsers and so the certificates that we issue have to be given only to the people who operate particular public sites—because if we give you a certificate for irisnet.org, we’re confirming to all Internet users that you are the operator of irisnet.org, which is not correct from the other Internet users’ own point of view.


#9

However, you can use DNS-01 validation if you don’t want to set public A or AAAA records.

As an example, the acme.sh client comes with support for Name.com’s DNS API, and it would probably be easy to adapt to some other clients.

(And you can always do DNS-01 validation manually.)


#10

OK, I understand, thanks.

