The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot

I want to certify my website that I run on a VM on a local Raspberry Pi server. It is accessible from the Internet and I did the A record entry on the website of my domain provider Strato. I also configured the Apache config so that the server name and alias are correct. I also restarted Apache after that and also my whole VM.

My domain is: tcg151.de

I ran this command: sudo certbot

It produced this output: Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Identifier: tcg151.de
Type: dns
Detail: no valid A records found for tcg151.de, no valid AAAA records found for tcg151.de
Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
Some challenges have failed

My web server is (include version): Apache 2.4.64

The operating system my web server runs on is (include version): Ubuntu 25.10 on a vm

My hosting provider, if applicable, is: Strato

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 5.5.0

It doesn't appear you did, as there's no such record published:

➜  ~ dig tcg151.de

; <<>> DiG 9.20.21-1~deb13u1-Debian <<>> tcg151.de
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59121
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;tcg151.de.                     IN      A

;; Query time: 103 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Wed Apr 29 19:06:19 UTC 2026
;; MSG SIZE  rcvd: 38

No publicly routable IP anyway. They have

A   192.168.1.232

@dorianf You need that A record to be your public IP. The Let's Encrypt servers need to validate you from the public internet. And a public IP is needed for anyone to reach you from the public net.

If you only want a cert for use on your local network you need to use a DNS Challenge. That validates using a TXT record in the DNS rather than with HTTP requests to your server.
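A preflight check for the situation in this thread, as an added example that is not part of the original posts: it takes the text printed by `dig +short tcg151.de A` (and optionally `AAAA`) and reports whether an HTTP challenge has any chance of working. The function names and the sample inputs are constructed for illustration, and 8.8.8.8 is only a stand-in for a public address.

```python
import ipaddress


def classify_records(dig_short_output):
    """Split `dig +short` output into (public, non_public) address lists."""
    public, non_public = [], []
    for line in dig_short_output.splitlines():
        value = line.strip()
        if not value:
            continue
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            # `dig +short` also prints CNAME targets (names ending in ".");
            # those are not addresses, so skip them.
            continue
        # is_global is False for RFC 1918 ranges such as 192.168.0.0/16,
        # for loopback and link-local, and for carrier-grade NAT
        # (100.64.0.0/10), which home connections sometimes sit behind.
        (public if addr.is_global else non_public).append(str(addr))
    return public, non_public


def http01_preflight(domain, a_output, aaaa_output=""):
    """Return a one-line verdict for an HTTP challenge against `domain`."""
    public, non_public = classify_records(a_output + "\n" + aaaa_output)
    if not public and not non_public:
        return f"{domain}: FAIL, no A or AAAA records published"
    if non_public:
        # Conservative: any non-public record is reported, even when a
        # public one is also present.
        return f"{domain}: FAIL, not publicly routable: {', '.join(non_public)}"
    return f"{domain}: OK, validation will connect to {', '.join(public)}"


if __name__ == "__main__":
    # Constructed inputs mirroring the cases discussed in the thread.
    samples = {
        "empty answer": "",
        "LAN address": "192.168.1.232\n",
        "CGNAT address": "100.64.0.7\n",
        "public address": "8.8.8.8\n",
    }
    for label, text in samples.items():
        print(f"{label:15} -> {http01_preflight('tcg151.de', text)}")
```
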

Thank you very much. I got it now, I think I misunderstood a tutorial on this topic. Do I need to keep the A record updated once my public IP address changes?

Yes, for as long as you want / need access to it from the public net.

Each cert renewal using HTTP challenge will need access