Using certbot on local machine that has a redirect from godaddy

Hello, I am totally new to this, so any input woudl be greatly apreciated.

My domain

I ran this command:

It produced this output:

sudo certbot -v --nginx -d

My web server is (include version): nginx/1.18.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 22

My hosting provider, if applicable, is: godaddy

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0

Background. I am currently running a flask website using gunicorn and nginx on my local machine.
To do so, I forward/redirect all calls made at to my LOCAL_EXTERNAL_IP:PORT
The http part works but I wanted to use certbot to have HTTPS access too.

The error message indicates that the well-know certficate created by certbot is not accessible and hence it can't verify that I have admin access to the website.

sudo certbot --nginx -d

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Requesting a certificate for

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:


  Type:   unauthorized

  Detail: Invalid response from*********-*******0: 404

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Thank you for your help

Hello @nono_london, welcome to the Let's Encrypt community. :slightly_smiling_face:

Using the online tool Let's Debug yields these results

Warning has multiple IP addresses in its DNS records. While they appear to be accessible on the network, we have detected that they produce differing results when sent an ACME HTTP validation request. This may indicate that some of the IP addresses may unintentionally point to different servers, which would cause validation to fail.
[Address=,Address Type=IPv4,Server=ip-10-123-123-105.ec2.internal,HTTP Status=404] vs [Address=,Address Type=IPv4,Server=ip-10-123-123-106.ec2.internal,HTTP Status=404] 

And using curl -Ii returns HTTP/1.1 405 Not Allowed

$ curl -Ii
HTTP/1.1 405 Not Allowed
Server: awselb/2.0
Date: Sat, 13 May 2023 16:48:40 GMT
Content-Length: 0
Connection: keep-alive
WAFRule: 0

Supplemental Port 443 (i.e. for HTTPS) is filtered for nmap -Pn -p80,443

$ nmap -Pn -p80,443
Starting Nmap 7.80 ( ) at 2023-05-13 16:54 UTC
Nmap scan report for (
Host is up (0.010s latency).
Other addresses for (not scanned):
rDNS record for

80/tcp  open     http
443/tcp filtered https

Nmap done: 1 IP address (1 host up) scanned in 1.32 seconds

@Bruce5051 Tx for your reply.
On the godaddy website, there is indeed Few DNS of type A/@/CNAME/SOA which I am not sure what they are for, but it seems like I can not modify them...
One of which do point to the IP
Do you by any chance have any experience with godaddy?
Tx a lot, and sorry again as I am really starting ...


I have much experience with GoDaddy. :slightly_smiling_face:

What are you trying to accomplish?


@griffin Great!. I want to run my website on a local/VPS pc that runs Ubuntu 22.
as @Bruce5051 pointed out it seems that one of the reason(s), that may cause the problem is the fact that the predefined DNSs points to
The issue I have is that they are marked as "impossible to suppress" and marked as type "A".
I have the minimal service from godaddy, so not sure if it made to force me to pay for their own certificated or else.
Thanks a lot for the help


on the 405 issue, I am not sure what to think about it.
could it be an issue with teh reverse proxy?

It looks like you are using some sort of URL Forwarding setting or maybe URL Redirect. I forget what GoDaddy calls it. First, unset that and then you will be able to set an A record pointing to your actual IP.

A forwarding service like that does not work with HTTPS


From your server running your web server service(s) please run and share the output of

curl -4
curl -6


curl -4
curl -6

Presently your DNS has 2 A Records for the domain name

$ nslookup -q=a


@MikeMcQ I think Mike pointed out the problem. let me make some changes.
Thanks a lot for your help.

AS A DIFFERENT MATTER. I kind of have been blocked by certbot, because I was making to many "idiotic" requests. any ideas how long it takes before I can try again?

Thanks so much for being so reactive


Please see the Rate Limits.


Depends on the exact message but I'd guess 1 hour based on your explanation


It works!
Very interesting, the info @Bruce5051 was able to pickup.
Is there anything I should be worried about with this setup?
Meaning what do I expose, rather than latency etc
Thanks a lot folks!
@MikeMcQ @Bruce5051 griffin


The info Bruce showed is readily available using the public DNS and internet. I think you are asking how to make your server secure. That's an advanced discussion well beyond the scope of this forum.

You might look at the result of SSL Labs "Server Test" for your domain (spoiler: you got an 'A'). That tests some basic stuff and shows you some of what people can easily see. There are other sites and services that focus on port scanning, hardening, firewalls, and more. Yes, more :slight_smile:


Thank you @nono_london, but as @MikeMcQ has correctly pointed out I did not do anything that the public DNS and internet already has, just a tiny bit of ditch digging.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.