Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter ‘c’ to cancel): veplopenhab.ga
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for veplopenhab.ga
Enabled Apache rewrite module
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. veplopenhab.ga (http-01): urn:ietf:params:acme:error:unknownHost :: The server could not resolve a domain name :: No valid IP addresses found for veplopenhab.ga
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: veplopenhab.ga
Type: unknownHost
Detail: No valid IP addresses found for veplopenhab.ga
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version):
Server version: Apache/2.4.18 (Ubuntu)
Server built: 2018-06-07T19:43:03
The operating system my web server runs on is (include version):
Ubuntu 16.04
I am debugging on this issue.
Can you please help me solve this issue and get the certificate?
You need to add that record via “Manage Freenom DNS -> Add Record” instead.
Additionally, you need to add records for all domains you want certificates for. So if you want a certificate for veplopenhab.ga as in your first post, you must add an entry for that, not just for iot.
Additionally, you have to use a public IP address, not a 10.x.x.x or other private IP address. To use HTTP validation, Let’s Encrypt has to be able to access your server from the Internet.
But the basis of Let’s Encrypt is “domain validation”. If Let’s Encrypt cannot connect to your server to verify that you control the domain, then it cannot issue you with a certificate.
Otherwise, anybody could pretend to be “google.com” and get an SSL certificate for them.
Your other option is to use “DNS validation”. Where you deploy a TXT record in your DNS to prove your control of the domain. However, Freenom does not support programmatic deployment of these TXT records, so you cannot really use this without switching to a different DNS host (like Cloudflare).
You can get a certificate via manual DNS validation, but it will not automatically renew your certificate, so you would have to repeat every 60-90 days. It’s not the proper way to use Let’s Encrypt:
certbot -i apache -a manual --preferred-challenges dns -d veplopenhab.ga
I am new to this. I don’t know what should be followed next. As of now, I have to get certificate for my domain and need to make sure all features are working in my openhab. This is required for shot period.
After running this command “certbot -i apache -a manual --preferred-challenges dns -d veplopenhab.ga”, I am getting below error,
OUTPUT:
Performing the following challenges:
dns-01 challenge for veplopenhab.ga
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you’re running certbot in manual mode on a machine that is not
your server, please ensure you’re okay with that.
Are you OK with your IP being logged?
(Y)es/(N)o: Y
Please deploy a DNS TXT record under the name
_acme-challenge.veplopenhab.ga with the following value:
H6DU9QpFqclsj5zY4eTgw8ttC2qGx58ehK6fpcUw6nM
Before continuing, verify the record is deployed.
Press Enter to Continue
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. veplopenhab.ga (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.veplopenhab.ga
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: veplopenhab.ga
Type: None
Detail: DNS problem: NXDOMAIN looking up TXT for
_acme-challenge.veplopenhab.ga
