Obtaining a new certificate
/opt/eff.org/certbot/venv/lib/python2.6/site-packages/acme/jose/jwa.py:110: DeprecationWarning: signer and verifier have been deprecated. Please use sign and verify instead.
signer = key.signer(self.padding, self.hash)
Performing the following challenges:
tls-sni-01 challenge for xxx.xxx.com
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. xxx.xxx.com(tls-sni-01): urn:acme:error:unknownHost :: The server could not resolve a domain name :: No valid IP addresses found for xxx.xxx.com
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: xxx.xxx.com
Type: unknownHost
Detail: No valid IP addresses found for xxx.xxx.com
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
I've moved your topic to "Help" category. When you create post there, you are automatically presented with issue template; I won't paste it there, as some answers are pretty obvious now, but there is important thing you should know:
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
Without domain name it's much harder to help, but I'll guess that you're trying to obtain certificate for some internal domain. Challenge methods HTTP-01 and TLS-SNI-01 require that domain you want to include in certificate has to have A or AAAA DNS records containing public IP addresses of server you're running certbot on, as Let's Encrypt validation servers would try to connect to them to prove domain ownership. If that's the case, you should use DNS-01 challenge.