SSL Certificate Error Can't be Fixed

ubuntu-20.04.2.0-desktop-amd64

I spent two whole days to get SSL certificate with no result. Tried half a dozen domains from different registrars I read the available articles, even reproduced the steps in this video

same company, same domain ending , bu at the end there is always a certificate error, pasted at the bottom of the page.

One virtual server only, the same domain that registered when installed the package.

Freshly installed Ubuntu, only the http://software.virtualmin.com/gpl/scripts/install.sh package nothing else. I installed on a desktop computer, high speed internet, static IP address. Am I missing something. Please let me know if somebody could help.
Thank you

Here are the error messages:
request failed : Web-based validation failed :
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for admin.napfeny.xyz
http-01 challenge for mail.napfeny.xyz
http-01 challenge for napfeny.xyz
http-01 challenge for webmail.napfeny.xyz
http-01 challenge for www.napfeny.xyz
Using the webroot path /home/napfeny/public_html for all unmatched domains.
Waiting for verification…
Challenge failed for domain admin.napfeny.xyz
Challenge failed for domain mail.napfeny.xyz
Challenge failed for domain napfeny.xyz
Challenge failed for domain webmail.napfeny.xyz
Challenge failed for domain www.napfeny.xyz
http-01 challenge for admin.napfeny.xyz
http-01 challenge for mail.napfeny.xyz
http-01 challenge for napfeny.xyz
http-01 challenge for webmail.napfeny.xyz
http-01 challenge for www.napfeny.xyz
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: admin.napfeny.xyz
    Type: dns
    Detail: No valid IP addresses found for admin.napfeny.xyz

    Domain: mail.napfeny.xyz
    Type: dns
    Detail: No valid IP addresses found for mail.napfeny.xyz

    Domain: napfeny.xyz
    Type: dns
    Detail: No valid IP addresses found for napfeny.xyz

    Domain: webmail.napfeny.xyz
    Type: dns
    Detail: No valid IP addresses found for webmail.napfeny.xyz

    Domain: www.napfeny.xyz
    Type: dns
    Detail: No valid IP addresses found for www.napfeny.xyz

  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.

DNS-based validation failed
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for admin.napfeny.xyz
dns-01 challenge for mail.napfeny.xyz
dns-01 challenge for napfeny.xyz
dns-01 challenge for webmail.napfeny.xyz
dns-01 challenge for www.napfeny.xyz
Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl
Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl
Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl
Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl
Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl
Waiting for verification…
Challenge failed for domain admin.napfeny.xyz
Challenge failed for domain mail.napfeny.xyz
Challenge failed for domain napfeny.xyz
Challenge failed for domain webmail.napfeny.xyz
Challenge failed for domain www.napfeny.xyz
dns-01 challenge for admin.napfeny.xyz
dns-01 challenge for mail.napfeny.xyz
dns-01 challenge for napfeny.xyz
dns-01 challenge for webmail.napfeny.xyz
dns-01 challenge for www.napfeny.xyz
Cleaning up challenges
Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl
Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl
Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl
Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl
Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl
Some challenges have failed.
IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: admin.napfeny.xyz
    Type: dns
    Detail: DNS problem: NXDOMAIN looking up TXT for
    _acme-challenge.admin.napfeny.xyz - check that a DNS record exists
    for this domain

    Domain: mail.napfeny.xyz
    Type: dns
    Detail: DNS problem: NXDOMAIN looking up TXT for
    _acme-challenge.mail.napfeny.xyz - check that a DNS record exists
    for this domain

    Domain: napfeny.xyz
    Type: dns
    Detail: DNS problem: NXDOMAIN looking up TXT for
    _acme-challenge.napfeny.xyz - check that a DNS record exists for
    this domain

    Domain: webmail.napfeny.xyz
    Type: dns
    Detail: DNS problem: NXDOMAIN looking up TXT for
    _acme-challenge.webmail.napfeny.xyz - check that a DNS record
    exists for this domain

    Domain: www.napfeny.xyz
    Type: dns
    Detail: DNS problem: NXDOMAIN looking up TXT for
    _acme-challenge.www.napfeny.xyz - check that a DNS record exists
    for this domain

The answer from letsencrypt
SSL Certificate Error Can’t be Fixed - Help - Let's Encrypt Community Support

You have DNS issues that need fixing. If your domain can’t be reached by a browser Let’s Encrypt isn’t going to find it.

For starters, the DNS A record for www.napfeny.xyz has a private IP. Either it’s the same for your other names, or A records for the other names don’t exist (same effect). At Namecheap, change 192.168.0.55 to the public IP of your server. You need an A record for napfeny.xyz and all two-dot names listed in the Let’s Encrypt error (www, webmail, admin etc). And to host email on your server you’ll need an A record for mail.napfeny.xyz that points to your server IP.

There may be more to do, nameserver glue for instance, but first things first. Use an online DNS tool of some kind for trouble shooting and verifying changes. This one is how I checked your DNS.

1 Like

Thank you for your reply. I see the problem is caused by the private IP address, 192.168.0.55. How can this IP address be private, since anybody can reach my website napfeny.xyz via http protocol?

The thing is that I am building my own server at home, using the static IP address provided by my internet service company (Rogers Canada). Once my server is running fine, then I will take it to a data center, but I want to finish everything at home first, it is much easier.

In your opinion using the static IP address provided by my internet service company, I can not get ssl certificate from letsencrypt?

Thanks

Ahh, so the A record for www.napfeny.xyz already points to your server.

Not anybody, just clients on your LAN. ping from my location looks up the domain because of the A record, but it stops there because your LAN isn’t routable to the public internet. Same for http. Making a private server publicly accessible involves router NAT settings and port forwarding. That’s stepping into new territory.

I can’t help you with your WAN/LAN but I will suggest looking into DNS services that specialize in this kind of setup using static or dynamic addressing. As for Let’s Encrypt, it should work in theory once your home server goes public.