5

I got this cmd:

sudo certbot --apache -d pushupteam.dev -d www.pushupteam.dev

and this is what I got:

Saving debug log to /var/log/letsencrypt/letsencrypt.log


 Plugins selected: Authenticator apache, Installer apache
    Obtaining a new certificate

Performing the following challenges:
http-01 challenge for pushupteam.dev
http-01 challenge for www.pushupteam.dev
Enabled Apache rewrite module
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.pushupteam.dev (http-01): urn:ietf:params:acme:error:un
authorized :: The client lacks sufficient authorization :: Invalid response from http://www
.pushupteam.dev/.well-known/acme-challenge/j4gaJn6vX6tvEGu0HQagjT69Oc3R7l_VJ8CgaluAnLk [34.
89.161.114]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>40
4 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p", pushupteam.dev (http-01): urn:
ietf:params:acme:error:dns :: No valid IP addresses found for pushupteam.dev
IMPORTANT NOTES:
 - The following errors were reported by the server:
   Domain: pushupteam.dev
   Type:   None
   Detail: No valid IP addresses found for pushupteam.dev
 - The following errors were reported by the server:
   Domain: www.pushupteam.dev
   Type:   unauthorized
   Detail: Invalid response from
   http://www.pushupteam.dev/.well-known/acme-challenge/j4gaJn6vX6tvEGu0HQagjT69Oc3R7l_VJ8C
galuAnLk
   [34.89.161.114]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>404 Not
   Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

 

I have the domain from Namecheap and I use Google Cloud DNS.

What is the problem? I am only interested in IPv4, so no AAAA record.

Also, my ufw is disabled (like all Google VMs).

Edit:

My /etc/apache2/sites-available/srv.conf:

<VirtualHost *:80>
    ServerAdmin admin@pushupteam.dev
    DocumentRoot /var/www/html/
    ServerName pushupteam.dev
    <Directory /var/www/html/>
        Options +FollowSymLinks
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>
    ErrorLog /var/log/apache2/codeigniter-error_log
    CustomLog /var/log/apache2/codeigniter-access_log common
</VirtualHost>

I use Ubuntu 18.04 LTS and Apache

Edit 2:

pushupteam.dev.      NS   3600  ns-cloud-b1.googledomains.com.
                                ns-cloud-b2.googledomains.com.
                                ns-cloud-b3.googledomains.com.
                                ns-cloud-b4.googledomains.com.
pushupteam.dev.      SOA  3600  ns-cloud-b1.googledomains.com. cloud-dns-hostmaster.google.com. 1 21600 3600 259200 300
www.pushupteam.dev.  A    60    34.89.161.114

Should I reconfigure my DNS?

Edit 3:

cloud dns config

Promise Preston
Youssef ARRASSEN
  • 1
    Certbot creates a special file in the directory `/.well-known/acme-challenge/` in your web server's root path. The error message says that this file is not found. Edit your question with details on your OS, web server software version and configuration files. The command that you are running is for the Apache web server. Assuming that you have the correct DNS settings (can you access your website normally?), then you have a web server configuration that Certbot does not understand. – John Hanley Dec 29 '19 at 18:23
  • /.well-known/acme-challenge/ I created the folder and created an empty file named 1234 but still no change – Youssef ARRASSEN Dec 29 '19 at 20:41
  • 1
    Why would you think that creating the file 1234 would work? That is not how Certbot operates. Is your website working for normal access? What version of Apache? Please provide the details requested. – John Hanley Dec 29 '19 at 22:39
  • Add the settings for your DNS Server. One of the errors is `No valid IP addresses found for pushupteam.dev` – John Hanley Dec 30 '19 at 00:52
  • Server version: Apache/2.4.29 (Ubuntu) Server built: 2019-09-16T12:58:48 – Youssef ARRASSEN Dec 30 '19 at 07:31

4 Answers

8

I encountered this error when trying to set up SSL for an application running in a DigitalOcean droplet.

When I run the command:

sudo certbot --nginx -d example.com -d www.example.com

I get the error:

No valid IP addresses found for www.example.com

OR

During secondary validation: No valid IP addresses found for www.example.com

Here's how I solved it:

Confirm that you have an A record pointing to your server’s public/floating/elastic/static IP address for the domain names that you are having issues with.

A record screenshot

Say you want to obtain a certificate for example.com and www.example.com, ensure that they both have an A record pointing to your server’s public/floating/elastic/static IP address.

If you confirm that they are correctly set and you're still having the errors, then give it some time, say, 30 mins to 1 hour, and then try again, or better still, run the certificate generation for the eligible domains, say:

sudo certbot --nginx -d example.com

Once it becomes successful, run it again with all the domains you want to use to expand/modify it:

sudo certbot --nginx -d example.com -d www.example.com

Resources: No valid IP address found for domain when trying to get SSL certificate?

That's all.

I hope this helps

Promise Preston
  • 1
    Life saver, thanks! I used the actual IP but I know it might be subject to change if I stop the server for too long. Is there a way to dynamically associate the A entry with whatever IP elastic provides? – Leonardo Pessoa Jan 25 '23 at 20:42
  • 1
    You're most welcome @LeonardoPessoa. Try using an Elastic IP/Static IP/Reserved IP for your server. This ensures that if the server is stopped, the IP address is still retained. – Promise Preston Jan 28 '23 at 15:58
1

In order to run this command:

sudo certbot --apache -d pushupteam.dev -d www.pushupteam.dev

you need to add a DNS A resource record in your DNS server:

pushupteam.dev A 3600 34.89.161.114

Note: Do not set short TTL values for NS records. Typically this should be one day (86,400 seconds). For A records, one hour (3600 seconds) is normal. You can set these values to just about anything. Consider performance, cache timeouts, and cost.

For the Apache configuration file: /etc/apache2/sites-available/srv.conf add the line:

ServerAlias www.pushupteam.dev

and restart the Apache server:

sudo systemctl restart apache2

I am assuming that you correctly enabled srv.conf by running a command similar to a2ensite srv. Normally the configuration filename is the hostname.

To double check enabled virtual hosts, run this command:

apache2ctl -S

Make sure that both hostnames pushupteam.dev and www.pushupteam.dev are responding to normal web browser requests.

John Hanley
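As an added example (not part of any answer above, and not Certbot's own logic): a small offline pre-flight check for the two conditions the answers point at, a name with no A record and a name that no ServerName/ServerAlias covers. The function names and the simplified one-record-per-line zone text are assumptions; the values are copied from the question's Edit 2 and srv.conf.

```python
import fnmatch
import re

# Constructed inputs: the question's zone listing (one record per line) and srv.conf.
ZONE = """\
pushupteam.dev. NS 3600 ns-cloud-b1.googledomains.com.
pushupteam.dev. SOA 3600 ns-cloud-b1.googledomains.com. cloud-dns-hostmaster.google.com. 1 21600 3600 259200 300
www.pushupteam.dev. A 60 34.89.161.114
"""
VHOST = """\
<VirtualHost *:80>
 ServerName pushupteam.dev
 DocumentRoot /var/www/html/
</VirtualHost>
"""

def a_records(zone):
    """Map each owner name to its A-record addresses (name TYPE TTL data layout)."""
    out = {}
    for line in zone.splitlines():
        f = line.split()
        if len(f) >= 4 and f[1].upper() == "A":
            out.setdefault(f[0].rstrip(".").lower(), []).append(f[3])
    return out

def vhost_names(conf):
    """Collect ServerName and ServerAlias values (aliases may be wildcards)."""
    names = []
    for m in re.finditer(r"^\s*Server(?:Name|Alias)\s+(.+)$", conf, re.M | re.I):
        names += m.group(1).lower().split()
    return names

def preflight(domains, zone, conf):
    """Return {domain: [problems]}; an empty list means neither problem was found."""
    recs, names = a_records(zone), vhost_names(conf)
    report = {}
    for d in (x.lower() for x in domains):
        problems = []
        if d not in recs:
            problems.append("no A record")
        if not any(fnmatch.fnmatch(d, n) for n in names):
            problems.append("no matching ServerName/ServerAlias")
        report[d] = problems
    return report

if __name__ == "__main__":
    for dom, probs in preflight(["pushupteam.dev", "www.pushupteam.dev"], ZONE, VHOST).items():
        print(dom, "->", ", ".join(probs) or "ok")
```

Run against the question's data, it flags the apex name for the missing A record and the www name for the missing alias, which lines up with the two errors in the Certbot output.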
0

Add a line in your Apache configuration file after the ServerName:

ServerAlias *.pushupteam.dev

and try again.

If that doesn't work, also change the "A" type record from www.pushupteam.dev to just pushupteam.dev.

Wojtek_B
0

For me, after setting the A/AAAA records, the config continued failing, so I restarted nginx first:

sudo systemctl reload nginx

and then re-executed the command:

sudo certbot --nginx -d example.com -d www.example.com

And voilà.

Max Becerra