Univention UCS Server certificate on AWS reports No valid IP

My domain is: intercepthorizons.com

We are using it as the main domain controller as well as the email domain. No additional domains.

We have configured MX and A records in Route 53 for the external IP.

The server has an internal IP assigned as well as an external one in Route 53, being 18.135.89.43

I ran this command from another Linux server:

host -t A ucs-1420.intercepthorizons.com 8.8.8.8
host -t A ucs-1420.intercepthorizons.com 209.244.0.3
host -t A ucs-1420.intercepthorizons.com 64.6.64.6

They all produced this output:

ucs-1420.intercepthorizons.com has address 18.135.89.43

I am getting this error:

ValueError: Challenge did not pass for intercepthorizons.com: {u'status': u'invalid', u'challenges': [{u'status': u'invalid', u'url': u'https://acme-v02.api.letsencrypt.org/acme/chall-v3/10114153089/C8-Whw', u'token': u'O36qIFLhRyEEq8Tgh52zj0t6tSp5dvgqlFaiugiBhe4', u'type': u'http-01', u'error': {u'status': 400, u'type': u'urn:ietf:params:acme:error:dns', u'detail': u'No valid IP addresses found for intercepthorizons.com'}}], u'identifier': {u'type': u'dns', u'value': u'intercepthorizons.com'}, u'expires': u'2021-01-23T05:43:26Z'}


You're requesting a certificate for intercepthorizons.com, so you need to create an A record for that domain as well. Not just ucs-1420.intercepthorizons.com.


I do not exactly understand the purpose of assigning an IP address to the entire domain? Route 53 does not allow me to do that and I am sure AWS did not get it wrong. Maybe you mean something else.

Hi @hassepedro

Your challenge URL https://acme-v02.api.letsencrypt.org/acme/chall-v3/10114153089/C8-Whw says you want to create a certificate with your main domain intercepthorizons.com via HTTP validation.

That requires a public IP address.

Remove your main domain from your command if you don't want that.

What's the Let's Encrypt client you use? What's the exact command?
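
The point both replies make, as an added example (not code from the thread or from any ACME client): read the failed authorization to see which name and challenge broke, then check that every name going into the request has a public address before asking for a certificate. `triage`, `preflight`, `system_resolver`, `ZONE` and the name `dc.internal.example` are assumptions made for the illustration.

```python
import ast
import ipaddress
import socket

# Failed authorization as printed in the thread (Python 2 repr), shortened
# to the fields used here.
SAMPLE_ERROR = (
    "{u'status': u'invalid', u'challenges': [{u'status': u'invalid', "
    "u'type': u'http-01', u'error': {u'status': 400, "
    "u'type': u'urn:ietf:params:acme:error:dns', u'detail': "
    "u'No valid IP addresses found for intercepthorizons.com'}}], "
    "u'identifier': {u'type': u'dns', u'value': u'intercepthorizons.com'}}"
)

def triage(authz_repr):
    """Return (identifier, challenge type, short error type) per failed challenge."""
    authz = ast.literal_eval(authz_repr)  # u'' literals also parse on Python 3
    name = authz["identifier"]["value"]
    return [(name, c["type"], c["error"]["type"].rsplit(":", 1)[-1])
            for c in authz["challenges"] if c["status"] == "invalid"]

def system_resolver(name):
    """Addresses the local resolver returns for name; empty list if none."""
    try:
        infos = socket.getaddrinfo(name, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0].split("%")[0] for info in infos})

def preflight(names, resolve=system_resolver):
    """Classify every name going into the certificate request."""
    report = {}
    for name in names:
        addrs = resolve(name)
        if not addrs:
            report[name] = "no-address"      # the failure seen in the thread
        elif any(ipaddress.ip_address(a).is_global for a in addrs):
            report[name] = "ok"
        else:
            report[name] = "not-public"      # e.g. only an internal address
    return report

# Constructed records: the host's A record from the thread, no record for the
# bare domain, and a hypothetical internal-only name.
ZONE = {"ucs-1420.intercepthorizons.com": ["18.135.89.43"],
        "dc.internal.example": ["10.0.0.5"]}

if __name__ == "__main__":
    print(triage(SAMPLE_ERROR))
    print(preflight(["intercepthorizons.com", *ZONE], resolve=lambda n: ZONE.get(n, [])))
```

With the default `system_resolver` the answer reflects the local resolver's view; on a domain controller that can be an internal zone, so compare it with a public resolver as in the `host` commands above.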

Hey Juergen

Thanks for coming back. I know what I was doing wrong: in the Let's Encrypt app it was requesting the domain and got it wrong. When I changed it to the full FQDN of the server it went OK, and the Thunderbird app on my laptop already picked it up as an exception.

The only issue, and still the same, is that I cannot send e-mails, just receive. I believe this has nothing to do with the certificate and is something else preventing it.

Verifying ucs-1420.intercepthorizons.com...
ucs-1420.intercepthorizons.com verified!
Signing certificate...
Certificate signed!
Certificate refreshed at Sat 16 Jan 14:46:42 GMT 2021
