Unable to obtain certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
michaelstaar.com
I ran this command:
Let's Encrypt Certificate Request through Webmin
It produced this output:
Requesting a new certificate for michaelstaar.com, using the website directory /var/www/michaelstaar.com ..

.. request failed : Failed to request certificate :

Traceback (most recent call last):
File "/usr/share/webmin/webmin/acme_tiny.py", line 198, in
main(sys.argv[1:])
File "/usr/share/webmin/webmin/acme_tiny.py", line 194, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
File "/usr/share/webmin/webmin/acme_tiny.py", line 149, in get_crt
raise ValueError("Challenge did not pass for {0}: {1}".format(domain, authorization))
ValueError: Challenge did not pass for michaelstaar.com: {'identifier': {'type': 'dns', 'value': 'michaelstaar.com'}, 'status': 'invalid', 'expires': '2023-02-17T00:08:47Z', 'challenges': [{'type': 'http-01', 'status': 'invalid', 'error': {'type': 'urn:ietf:params:acme:error:unauthorized', 'detail': '3.33.152.147: Invalid response from http://michaelstaar.com/.well-known/acme-challenge/lhZfeBq3pPd4TGSsLcQI8Qng0BQPxF4f-nMBwDwePJk: 404', 'status': 403}, 'url': 'https://acme-v02.api.letsencrypt.org/acme/chall-v3/202222376426/Werrzw', 'token': 'lhZfeBq3pPd4TGSsLcQI8Qng0BQPxF4f-nMBwDwePJk', 'validationRecord': [{'url': 'http://michaelstaar.com/.well-known/acme-challenge/lhZfeBq3pPd4TGSsLcQI8Qng0BQPxF4f-nMBwDwePJk', 'hostname': 'michaelstaar.com', 'port': '80', 'addressesResolved': ['3.33.152.147', '15.197.142.173'], 'addressUsed': '3.33.152.147'}], 'validated': '2023-02-10T00:08:48Z'}]}

My web server is (include version):

The operating system my web server runs on is (include version):
Ubuntu Server 22.04.01
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
yes
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Hello @mstaar, welcome to the Let's Encrypt community. :slightly_smiling_face:

Let's Debug is getting a MultipleIPAddressDiscrepancy WARNING https://letsdebug.net/michaelstaar.com/1368890
https://letsdebug.net/michaelstaar.com/1368890?debug=y

Saying "
MultipleIPAddressDiscrepancy
Warning
michaelstaar.com has multiple IP addresses in its DNS records. While they appear to be accessible on the network, we have detected that they produce differing results when sent an ACME HTTP validation request. This may indicate that some of the IP addresses may unintentionally point to different servers, which would cause validation to fail.
[Address=3.33.152.147,Address Type=IPv4,Server=ip-10-123-123-194.ec2.internal,HTTP Status=404] vs [Address=15.197.142.173,Address Type=IPv4,Server=ip-10-123-122-219.ec2.internal,HTTP Status=404]
"

This is what I see with curl

$ curl -Ii http://michaelstaar.com/.well-known/acme-challenge/sometestfile
HTTP/1.1 405 Not Allowed
Server: awselb/2.0
Date: Fri, 10 Feb 2023 00:21:37 GMT
Content-Length: 0
Connection: keep-alive
WAFRule: 0

1 Like

Here is what nslookup shows, 2 IPv4 Address

  1. 15.197.142.173
  2. 3.33.152.147

michaelstaar.com has multiple IP addresses in its DNS records. While they appear to be accessible on the network, we have detected that they produce differing results when sent an ACME HTTP validation request. This may indicate that some of the IP addresses may unintentionally point to different servers, which would cause validation to fail.

$ nslookup -q=a michaelstaar.com ns09.domaincontrol.com.
Server:         ns09.domaincontrol.com.
Address:        97.74.104.5#53

Name:   michaelstaar.com
Address: 15.197.142.173
Name:   michaelstaar.com
Address: 3.33.152.147
$ nslookup -q=a michaelstaar.com ns10.domaincontrol.com.
Server:         ns10.domaincontrol.com.
Address:        173.201.72.5#53

Name:   michaelstaar.com
Address: 15.197.142.173
Name:   michaelstaar.com
Address: 3.33.152.147

1 Like

I am not seeing the forest through the trees on this one.
Kindly wait for more knowledgeable Let's Encrypt community volunteers to assist. :slight_smile:

1 Like

Thanks for the fast response! I use dyndns to get a static address for my home server (http://staar.dyndns.org/) and point michaelstaar.com to that address. I tried to setup let's encrypt using staar.dyndns.org as well but received similar results. Is it possible to get a certificate with this kind of setup?

Below is the log when using staar.dyndns.org:

2023-02-09 19:40:03,168:DEBUG:certbot._internal.main:certbot version: 1.21.0
2023-02-09 19:40:03,168:DEBUG:certbot._internal.main:Location of certbot entry point: /bin/letsencrypt
2023-02-09 19:40:03,168:DEBUG:certbot._internal.main:Arguments: ['-a', 'webroot', '-d', 'staar.dyndns.org', '--webroot-path', '/var/www/michaelstaar.com', '--duplicate', '--force-renewal', '--non-interactive', '--agree-tos', '--config', '/tmp/.webmin/528517_7971_1_letsencrypt.cgi', '--rsa-key-size', '2048', '--cert-name', 'staar.dyndns.org']
2023-02-09 19:40:03,168:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-02-09 19:40:03,171:DEBUG:certbot._internal.log:Root logging level set at 30
2023-02-09 19:40:03,171:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2023-02-09 19:40:03,171:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: Authenticator, Plugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7f7372347dc0>
Prep: True
2023-02-09 19:40:03,172:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7f7372347dc0> and installer None
2023-02-09 19:40:03,172:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2023-02-09 19:40:03,198:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/957724926', new_authzr_uri=None, terms_of_service=None), 23b97e9dd4ebe4cf56435b10b3f0d63d, Meta(creation_dt=datetime.datetime(2023, 2, 10, 0, 24, 34, tzinfo=<UTC>), creation_host='staarserver', register_to_eff=None))>
2023-02-09 19:40:03,199:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2023-02-09 19:40:03,199:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2023-02-09 19:40:04,140:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 756
2023-02-09 19:40:04,140:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 10 Feb 2023 00:40:04 GMT
Content-Type: application/json
Content-Length: 756
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "YzEtV6Z7Jy8": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/get/draft-ietf-acme-ari-00/renewalInfo/",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2023-02-09 19:40:04,140:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for staar.dyndns.org
2023-02-09 19:40:04,241:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): /etc/letsencrypt/keys/0003_key-certbot.pem
2023-02-09 19:40:04,243:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0003_csr-certbot.pem
2023-02-09 19:40:04,244:DEBUG:acme.client:Requesting fresh nonce
2023-02-09 19:40:04,244:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2023-02-09 19:40:04,301:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2023-02-09 19:40:04,301:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 10 Feb 2023 00:40:04 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: F977xpA-S3ZMbVr1UOsSg8mgXNBHjiGwMQi7t_JYg4TwC-M
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2023-02-09 19:40:04,301:DEBUG:acme.client:Storing nonce: F977xpA-S3ZMbVr1UOsSg8mgXNBHjiGwMQi7t_JYg4TwC-M
2023-02-09 19:40:04,301:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "staar.dyndns.org"\n    }\n  ]\n}'
2023-02-09 19:40:04,302:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTU3NzI0OTI2IiwgIm5vbmNlIjogIkY5Nzd4cEEtUzNaTWJWcjFVT3NTZzhtZ1hOQkhqaUd3TVFpN3RfSllnNFR3Qy1NIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
  "signature": "VWdaiD9FpIk-Hs1P1PceqYRIA12wYmxCqMnH6CNIDj7fDbdE653jhV9ecUI_ZZY-kB8wOIouNzjwXVe7Dohe8KQy1IyEKo41Ivyp4Un2aJ4s_FRnX4-xwQa9kl_BX7XaXul3GnCzB_N8QuzVlfUT9APb0OGX-hj3nvZqpBnLsDJRhVbtOQIARksCArssaFYlCQgeblzVR0BcStX-PUutV4EBx5WsvetaRB0lHbF9Q-1RnFdXidVMlNX7vjwdPmuiykXk6guJAygaDWtpWZv1c6pQiP1PsRQrJatd9Jd2SmDNgfgJhNi_O91wn82NIMsjdcaRo-EDfxnzneCE4w4zrQ",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInN0YWFyLmR5bmRucy5vcmciCiAgICB9CiAgXQp9"
}
2023-02-09 19:40:04,385:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 341
2023-02-09 19:40:04,385:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Fri, 10 Feb 2023 00:40:04 GMT
Content-Type: application/json
Content-Length: 341
Connection: keep-alive
Boulder-Requester: 957724926
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/957724926/163895050056
Replay-Nonce: 2712Hq-4eTqSw8Vtb0Qkm4236beKVSTf2kKhHGqxM76cbmk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2023-02-17T00:40:04Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "staar.dyndns.org"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/202228892046"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/957724926/163895050056"
}
2023-02-09 19:40:04,385:DEBUG:acme.client:Storing nonce: 2712Hq-4eTqSw8Vtb0Qkm4236beKVSTf2kKhHGqxM76cbmk
2023-02-09 19:40:04,385:DEBUG:acme.client:JWS payload:
b''
2023-02-09 19:40:04,386:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/202228892046:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTU3NzI0OTI2IiwgIm5vbmNlIjogIjI3MTJIcS00ZVRxU3c4VnRiMFFrbTQyMzZiZUtWU1RmMmtLaEhHcXhNNzZjYm1rIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yMDIyMjg4OTIwNDYifQ",
  "signature": "TI2EPp67Rwn3aapG9rHqE1Y4QbmnwJdVJen9fmJLeUKdIMfdDa25RCi8Mbh82pd6C6km3Ad73VG_FCTQMCackMfSdkqKrE8urtQEzbWFE5RWll4SWOPgBbJ837KPSAkh1JD1EzTz__96-R51-RjYfDMr-h-Cg-CYNyostneeiD6jq-Cp2fO72hsQ2bWIBc-f-AUIdimhMeJigSMUsd95YTSvRiph1EM1eQglH-g4C0eqPRM_3vxDOP0_k_cEMAYx6lD4pJVAplFdmOWBoma-TYRd3w5nwkaxWa5fH8f2gkCPhXszI6gzcPgKpCRrnXT7jgw5hImuMObC4-earGsvnQ",
  "payload": ""
}
2023-02-09 19:40:04,446:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/202228892046 HTTP/1.1" 200 800
2023-02-09 19:40:04,446:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 10 Feb 2023 00:40:04 GMT
Content-Type: application/json
Content-Length: 800
Connection: keep-alive
Boulder-Requester: 957724926
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 2712lpjmK1kMymlBdDWFDD6_1RdPHrHmDLHwtwjExfZ0jOE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "staar.dyndns.org"
  },
  "status": "pending",
  "expires": "2023-02-17T00:40:04Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/202228892046/tfE5Sw",
      "token": "JxHYk4uH1ZZJgIkzjBIEbmyY8ej2NgT6g9Vg0jrrRJM"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/202228892046/tovs8Q",
      "token": "JxHYk4uH1ZZJgIkzjBIEbmyY8ej2NgT6g9Vg0jrrRJM"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/202228892046/tX7hgA",
      "token": "JxHYk4uH1ZZJgIkzjBIEbmyY8ej2NgT6g9Vg0jrrRJM"
    }
  ]
}
2023-02-09 19:40:04,447:DEBUG:acme.client:Storing nonce: 2712lpjmK1kMymlBdDWFDD6_1RdPHrHmDLHwtwjExfZ0jOE
2023-02-09 19:40:04,447:INFO:certbot._internal.auth_handler:Performing the following challenges:
2023-02-09 19:40:04,447:INFO:certbot._internal.auth_handler:http-01 challenge for staar.dyndns.org
2023-02-09 19:40:04,447:INFO:certbot._internal.plugins.webroot:Using the webroot path /var/www/michaelstaar.com for all unmatched domains.
2023-02-09 19:40:04,447:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /var/www/michaelstaar.com/.well-known/acme-challenge
2023-02-09 19:40:04,447:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /var/www/michaelstaar.com/.well-known/acme-challenge/JxHYk4uH1ZZJgIkzjBIEbmyY8ej2NgT6g9Vg0jrrRJM
2023-02-09 19:40:04,447:DEBUG:acme.client:JWS payload:
b'{}'
2023-02-09 19:40:04,448:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/202228892046/tfE5Sw:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTU3NzI0OTI2IiwgIm5vbmNlIjogIjI3MTJscGptSzFrTXltbEJkRFdGREQ2XzFSZFBIckhtRExId3R3akV4Zlowak9FIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8yMDIyMjg4OTIwNDYvdGZFNVN3In0",
  "signature": "Yadmvy-r68VcuTl0jmYOveyxswpaIyO8-7kYHutHrDn1LDGBNMHtO-e4M5VqF5OHdzzKZxzaymd0smosb2xrYe0NrWCR7oZvzPDH_iGo-nfluirdBvp1kFp5MTSNf86Uapz5DTX6cuLriP_Z-19jsxu8lwo_gX46L7Mmdi9aTLpApHnYiqya4GIhxZRfcmIY2HbyQX8LR2THLluFgX0_QwbaBLGP9PGnJx-zRtcRaXlkp3k1DI0bgsLjCwuCJn6vaM60_XVHeZ253nmlxCpb4UJKMpTPKF2dkE4tD4TjOswurjqbt05D12Y4f_Gvkm6Om5hvwc2QdX_jcxwLk3YsXw",
  "payload": "e30"
}
2023-02-09 19:40:04,518:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/202228892046/tfE5Sw HTTP/1.1" 200 187
2023-02-09 19:40:04,518:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 10 Feb 2023 00:40:04 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 957724926
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/202228892046>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/202228892046/tfE5Sw
Replay-Nonce: 853FH0hTqovpdMcTBFBiEUx5rMiPd6OcYWpC4inEHf2YI10
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/202228892046/tfE5Sw",
  "token": "JxHYk4uH1ZZJgIkzjBIEbmyY8ej2NgT6g9Vg0jrrRJM"
}
2023-02-09 19:40:04,518:DEBUG:acme.client:Storing nonce: 853FH0hTqovpdMcTBFBiEUx5rMiPd6OcYWpC4inEHf2YI10
2023-02-09 19:40:04,519:INFO:certbot._internal.auth_handler:Waiting for verification...
2023-02-09 19:40:05,520:DEBUG:acme.client:JWS payload:
b''
2023-02-09 19:40:05,520:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/202228892046:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTU3NzI0OTI2IiwgIm5vbmNlIjogIjg1M0ZIMGhUcW92cGRNY1RCRkJpRVV4NXJNaVBkNk9jWVdwQzRpbkVIZjJZSTEwIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yMDIyMjg4OTIwNDYifQ",
  "signature": "Z1mrPtpq-5jYpZhRyMH05KE4Lri_KlpBt0Lik2oY4Up3WHhIq4YR4ZFNx1iOFT5eUiOOguXJz8TNRToz-NlPdzEGI70DA-wcJvywdxm39CGNnJy9O29Ey7HWNprfk9UGwyj5VSrMUxVAaH9eCjqWFKksq1h5xCJn4ZD7svgtwGKU9uYgw0Gq8QW8izZOPBHsgIBzlrAciRxl1_YY4APHHIHJhZ-pUxY60uv4fmWhuEHrFIfpbPvzIU-fyao91llhfDsndiGhN1c7EFrmk4K-8rRk9RuXjqNLGnzJEacLMmHWkLuwVa9a9CU9SGsWHS-hnvGgxoJIbao5T9IhxJVnfA",
  "payload": ""
}
2023-02-09 19:40:05,594:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/202228892046 HTTP/1.1" 200 800
2023-02-09 19:40:05,594:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 10 Feb 2023 00:40:05 GMT
Content-Type: application/json
Content-Length: 800
Connection: keep-alive
Boulder-Requester: 957724926
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: A5FEsqBn7vIjHTG3MJVL0mOJFZgh-i2P0FO1v4iOYphrD9A
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "staar.dyndns.org"
  },
  "status": "pending",
  "expires": "2023-02-17T00:40:04Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/202228892046/tfE5Sw",
      "token": "JxHYk4uH1ZZJgIkzjBIEbmyY8ej2NgT6g9Vg0jrrRJM"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/202228892046/tovs8Q",
      "token": "JxHYk4uH1ZZJgIkzjBIEbmyY8ej2NgT6g9Vg0jrrRJM"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/202228892046/tX7hgA",
      "token": "JxHYk4uH1ZZJgIkzjBIEbmyY8ej2NgT6g9Vg0jrrRJM"
    }
  ]
}
2023-02-09 19:40:05,594:DEBUG:acme.client:Storing nonce: A5FEsqBn7vIjHTG3MJVL0mOJFZgh-i2P0FO1v4iOYphrD9A
2023-02-09 19:40:08,594:DEBUG:acme.client:JWS payload:
b''
2023-02-09 19:40:08,595:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/202228892046:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTU3NzI0OTI2IiwgIm5vbmNlIjogIkE1RkVzcUJuN3ZJakhURzNNSlZMMG1PSkZaZ2gtaTJQMEZPMXY0aU9ZcGhyRDlBIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yMDIyMjg4OTIwNDYifQ",
  "signature": "ELmnQ97e3cdF8DEa7kbqb3_Wbx6VH1h7GwikBgz-iNLLWYzO7JVQB3Wtby0LHQ_t28XGu_oVhIGWqm_G0x-0LlrUwXPTM5fwsIizorm-K0I7wGGmW8sIqHzlK9IqYtPhtOTM4xOAV9mQ9uL59NSvzA-wLhY-ITCH8JH5Bw2wqxx_ouC3qNZA7sju9xWSiHZoLevfilk2KvEIrFshb0R7AqQjLNhqUdECSMq8LaFiBR6ng4bhhf8GC9oKZa6QuoaMkEwLRd7WXwDlxzosi-C7GXVKIkhtNq7GXZcJNXkQ5A0pY1eL5F7t2zuEFOQUE_AfLHZ86H8tbI3EhMquDI37BQ",
  "payload": ""
}
2023-02-09 19:40:08,668:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/202228892046 HTTP/1.1" 200 800
2023-02-09 19:40:08,668:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 10 Feb 2023 00:40:08 GMT
Content-Type: application/json
Content-Length: 800
Connection: keep-alive
Boulder-Requester: 957724926
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: F977SrRV8HyEVJi99gBrcZnr3eWbZxUPp_KdF6sayY_aX3Q
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "staar.dyndns.org"
  },
  "status": "pending",
  "expires": "2023-02-17T00:40:04Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/202228892046/tfE5Sw",
      "token": "JxHYk4uH1ZZJgIkzjBIEbmyY8ej2NgT6g9Vg0jrrRJM"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/202228892046/tovs8Q",
      "token": "JxHYk4uH1ZZJgIkzjBIEbmyY8ej2NgT6g9Vg0jrrRJM"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/202228892046/tX7hgA",
      "token": "JxHYk4uH1ZZJgIkzjBIEbmyY8ej2NgT6g9Vg0jrrRJM"
    }
  ]
}
2023-02-09 19:40:08,668:DEBUG:acme.client:Storing nonce: F977SrRV8HyEVJi99gBrcZnr3eWbZxUPp_KdF6sayY_aX3Q
2023-02-09 19:40:11,670:DEBUG:acme.client:JWS payload:
b''
2023-02-09 19:40:11,671:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/202228892046:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTU3NzI0OTI2IiwgIm5vbmNlIjogIkY5NzdTclJWOEh5RVZKaTk5Z0JyY1pucjNlV2JaeFVQcF9LZEY2c2F5WV9hWDNRIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yMDIyMjg4OTIwNDYifQ",
  "signature": "SK7jMu3zjf6kBjNu3E7Xo9cA5zF3uiIxj8ln2iPoXddwUY8pAhrz5RtWsNk6f2AA-dkLvb58wJaRQUfGDIVkDlNqtbsgrxs5UoxfotszO3G7mIlWKeDd61g7jKiK5mYU7S1WTnuxiILKuFFPejEuch_bd8dcJURBD2tCgC5r0lWXsWxoHSHiWiDISiu28K63g9nMQLDrEqALIAu8-Xw_ditysx4xCC16TDNRhWaY9K83fsVNDso_5L88CsXw_sA56tGzz_vlz3kDH5nHHr39aA-DBx3sAg_QEAR2vxKOVKtmwSd6Cms8JMwL0do6ArZLg-Jy6tooUTy2vzu411cnjQ",
  "payload": ""
}
2023-02-09 19:40:11,740:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/202228892046 HTTP/1.1" 200 800
2023-02-09 19:40:11,740:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 10 Feb 2023 00:40:11 GMT
Content-Type: application/json
Content-Length: 800
Connection: keep-alive
Boulder-Requester: 957724926
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: A5FEo1NmAgYiV4UhfVxJYBwilCLEAxEdz-q3kg2sfs8iXVI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "staar.dyndns.org"
  },
  "status": "pending",
  "expires": "2023-02-17T00:40:04Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/202228892046/tfE5Sw",
      "token": "JxHYk4uH1ZZJgIkzjBIEbmyY8ej2NgT6g9Vg0jrrRJM"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/202228892046/tovs8Q",
      "token": "JxHYk4uH1ZZJgIkzjBIEbmyY8ej2NgT6g9Vg0jrrRJM"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/202228892046/tX7hgA",
      "token": "JxHYk4uH1ZZJgIkzjBIEbmyY8ej2NgT6g9Vg0jrrRJM"
    }
  ]
}
2023-02-09 19:40:11,740:DEBUG:acme.client:Storing nonce: A5FEo1NmAgYiV4UhfVxJYBwilCLEAxEdz-q3kg2sfs8iXVI
2023-02-09 19:40:14,742:DEBUG:acme.client:JWS payload:
b''
2023-02-09 19:40:14,743:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/202228892046:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTU3NzI0OTI2IiwgIm5vbmNlIjogIkE1RkVvMU5tQWdZaVY0VWhmVnhKWUJ3aWxDTEVBeEVkei1xM2tnMnNmczhpWFZJIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yMDIyMjg4OTIwNDYifQ",
  "signature": "A3EfnT0oDEnnSE0-NFmavmmCj_Bgzhe825GXKHxRMYiO3-Bht0VX647ktdvxrET0LE4WOmFn6sIdtouH4IE0i70ddoIEQ3v8yrBwQmJ6yOIhV1N9YCr2ug-y6WQTTdmQyIRhrm1Mxr0eZn-YGAc584v_WH4JBz5pFpaox_k6nWOSJFIkgbjweaGOG8WXhTsg8X4RywtrZflT72eW4KBn3k_x5kY4cxQX146Bi5UtdjhHmqXcdpOW_pqOkR1So_T_0gduGj1-uIIrVwC3sxCtKq7glpTu26PX31DmAA689FcTWa8_uE6z8u6FKznCgVOwIEQRP6AdJYmX-d3obwAZcQ",
  "payload": ""
}
2023-02-09 19:40:14,812:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/202228892046 HTTP/1.1" 200 800
2023-02-09 19:40:14,812:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 10 Feb 2023 00:40:14 GMT
Content-Type: application/json
Content-Length: 800
Connection: keep-alive
Boulder-Requester: 957724926
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: A5FErZjGaqjRTmzScLVkoK8pg7LRQDZOOk2m7azKF7rUtAs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "staar.dyndns.org"
  },
  "status": "pending",
  "expires": "2023-02-17T00:40:04Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/202228892046/tfE5Sw",
      "token": "JxHYk4uH1ZZJgIkzjBIEbmyY8ej2NgT6g9Vg0jrrRJM"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/202228892046/tovs8Q",
      "token": "JxHYk4uH1ZZJgIkzjBIEbmyY8ej2NgT6g9Vg0jrrRJM"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/202228892046/tX7hgA",
      "token": "JxHYk4uH1ZZJgIkzjBIEbmyY8ej2NgT6g9Vg0jrrRJM"
    }
  ]
}
2023-02-09 19:40:14,812:DEBUG:acme.client:Storing nonce: A5FErZjGaqjRTmzScLVkoK8pg7LRQDZOOk2m7azKF7rUtAs
2023-02-09 19:40:17,814:DEBUG:acme.client:JWS payload:
b''
2023-02-09 19:40:17,815:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/202228892046:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTU3NzI0OTI2IiwgIm5vbmNlIjogIkE1RkVyWmpHYXFqUlRtelNjTFZrb0s4cGc3TFJRRFpPT2sybTdhektGN3JVdEFzIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yMDIyMjg4OTIwNDYifQ",
  "signature": "OXNPHTAbFFs8gUPE0ML138Gc0k7Hqr1Xjj1EY7JQja61sVXZRimwhRmWm7rncdnZPNF-cXMNpSq-TsYB0IsmhV-emZlIl-1uZYKufa3OL-sNHG1Q4b4j4qpdRd-OdoLLnVy8JSNJAi-E9LsCIMfgsXfEpmkqLKQkFInrS1-11UkViQ8vlhrGGGqWfGjgRX7nZD556DOPlAx4x6llKCPVwZTsoQbBNJqlTAkBSik0b4ZP_rzN8MLpxlF1_sDOkQeFN7qyHNym6RT3PZuyGIOIRXa7ZkIzsjYCgzM7fKgelc9Oa2MfeN3hecyZdW08sQ6-Ib0bvx3AH2o07DTIcK5lvg",
  "payload": ""
}
2023-02-09 19:40:17,874:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/202228892046 HTTP/1.1" 200 1095
2023-02-09 19:40:17,875:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 10 Feb 2023 00:40:17 GMT
Content-Type: application/json
Content-Length: 1095
Connection: keep-alive
Boulder-Requester: 957724926
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: A5FEGc4urMM5U6z4vWYN4FboJHGH2AhztycJeOxGn4WRW4s
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "staar.dyndns.org"
  },
  "status": "invalid",
  "expires": "2023-02-17T00:40:04Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "2600:1700:62b3:10f::1003: Fetching http://staar.dyndns.org/.well-known/acme-challenge/JxHYk4uH1ZZJgIkzjBIEbmyY8ej2NgT6g9Vg0jrrRJM: Timeout during connect (likely firewall problem)",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/202228892046/tfE5Sw",
      "token": "JxHYk4uH1ZZJgIkzjBIEbmyY8ej2NgT6g9Vg0jrrRJM",
      "validationRecord": [
        {
          "url": "http://staar.dyndns.org/.well-known/acme-challenge/JxHYk4uH1ZZJgIkzjBIEbmyY8ej2NgT6g9Vg0jrrRJM",
          "hostname": "staar.dyndns.org",
          "port": "80",
          "addressesResolved": [
            "2600:1700:62b3:10f::1003"
          ],
          "addressUsed": "2600:1700:62b3:10f::1003"
        }
      ],
      "validated": "2023-02-10T00:40:04Z"
    }
  ]
}
2023-02-09 19:40:17,875:DEBUG:acme.client:Storing nonce: A5FEGc4urMM5U6z4vWYN4FboJHGH2AhztycJeOxGn4WRW4s
2023-02-09 19:40:17,875:INFO:certbot._internal.auth_handler:Challenge failed for domain staar.dyndns.org
2023-02-09 19:40:17,875:INFO:certbot._internal.auth_handler:http-01 challenge for staar.dyndns.org
2023-02-09 19:40:17,875:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: staar.dyndns.org
  Type:   connection
  Detail: 2600:1700:62b3:10f::1003: Fetching http://staar.dyndns.org/.well-known/acme-challenge/JxHYk4uH1ZZJgIkzjBIEbmyY8ej2NgT6g9Vg0jrrRJM: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

2023-02-09 19:40:17,875:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2023-02-09 19:40:17,875:DEBUG:certbot._internal.error_handler:Calling registered functions
2023-02-09 19:40:17,875:INFO:certbot._internal.auth_handler:Cleaning up challenges
2023-02-09 19:40:17,875:DEBUG:certbot._internal.plugins.webroot:Removing /var/www/michaelstaar.com/.well-known/acme-challenge/JxHYk4uH1ZZJgIkzjBIEbmyY8ej2NgT6g9Vg0jrrRJM
2023-02-09 19:40:17,875:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2023-02-09 19:40:17,875:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/bin/letsencrypt", line 33, in <module>
    sys.exit(load_entry_point('certbot==1.21.0', 'console_scripts', 'certbot')())
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1574, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1434, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 133, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 459, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 389, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 439, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 90, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 178, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-02-09 19:40:17,876:ERROR:certbot._internal.log:Some challenges have failed.
1 Like

Before someone jumps on you for the option, please search this community forum on that option so you are prepared for the responses.

Here is the search Search results for '-force-renewal order:latest' - Let's Encrypt Community Support please read some of the Topics and Posts.

1 Like

It looks like your DNS provider is using a kind of URL Redirect service through AWS ELB (Amazon AWS Elastic Load Balancer).

These kinds of URL Redirects won't work well for HTTP Challenge cert requests. And, frankly, they often don't work well even for regular HTTPS requests.

Your DNS should use A and/or AAAA records to point directly to the public IP of your Ubuntu server. (A is for IPv4, AAAA for IPv6)

If you don't know how to adjust your DNS you should contact your domain registrar.

DETAILS:

Your DNS has two A records for IP addresses which are AWS ELB endpoints (or AWS Global Accelerator). These should be your Ubuntu IP address instead.

nslookup michaelstaar.com
A Address: 15.197.142.173
A Address: 3.33.152.147

Another clue your DNS is wrong is a curl HEAD request is rejected indicating a "Server: awselb". While this could be possible in a valid setup you did not describe yours as being a load-balanced AWS config so confirms my suspicion of a URL Redirect service interfering.

curl -I http://michaelstaar.com
HTTP/1.1 405 Not Allowed
Server: awselb/2.0
4 Likes

This is not much better:

Name:      staar.dyndns.org
Addresses: 2600:1700:62b3:10f::1003
           192.168.68.76  <<<<<<<<<<<<<<<<< NON-ROUTABLE IP

That means only IPv6 can be reached from the Internet.
Does you site work from the Internet?

3 Likes

@mstaar,

Please consider reading

These are the three ways to get a Let's Encrypt certificate, in each case based on doing something publicly visible to the outside world (to confirm that the certificate request really came from the owner or operator of the domain).

The HTTP-01 and TLS-ALPN-01 methods involve Let's Encrypt servers making a connection directly to your web server (from data centers elsewhere on the Internet). In that case, that machine or something correctly answering on behalf of it will have to be reachable and accessible to the public (potentially on every IPv4 and IPv6 address listed for it in DNS) at the time of the certificate request.

6 Likes

Yes, it does work from the internet. I think it's something related to dyndns. I'll check out the settings for that service and see if I can figure something out from there and try again.

rg305/MikeMcQ - thank you very much! There was a bad network setting and on top of that the dyn updater was not working properly. I manually set my current ip and the process was then successful with staar.dyndns.org. It still didn't work with michaelstaar.com but I suspect that is because I'm forwarding it to staar.dyndns.org

2 Likes

Yes, michaelstaar should have IP addresses of your Ubuntu (it still does not)

Or, you could quit using michaelstaar.com and instead use www.michaelstaar.com

Then, use CNAME to point this www domain to staar.dyndns.org

2 Likes

It definitely depends on how it forwards.
Not all forwarding methods are compatible with ACME challenge requests.

2 Likes

This one looks to rely on frameset html redirects which we often see with these URL Redirect services.

But, yes, if it was an actual server doing HTTP redirects of course that would be fine.

4 Likes

I've been using a dynamic dns service for so long I haven't looked at other options for a while. It turns out godaddy offers APIs to check your dns info and update the A record. I just wrote a simple script to call it, check the server's ip and update the A record if needed so I don't need the dyndns service and no longer need to have forwarding done. Everything works now and I was able to get a certificate. You guys are great! Thanks a lot for helping me troubleshoot this...

4 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.