I was trying to install ssl certificate in my implementation. For that ran sudo bench setup lets-encrypt foo.bar but it is showing error Challenge failed for domain foo.bar.
I am attaching the error log here
sudo bench setup lets-encrypt foo.bar
Running this will stop the nginx service temporarily causing your sites to go offline
Do you want to continue? [y/N]: y
INFO:bench.utils:sudo systemctl stop nginx
INFO:bench.utils:/opt/certbot-auto --config /etc/letsencrypt/configs/foo.bar.cfg certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for foo.bar
Waiting for verification...
Challenge failed for domain foo.bar
http-01 challenge for foo.bar
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: foo.bar
Type: dns
Detail: No valid IP addresses found for foo.bar
INFO:bench.utils:sudo systemctl start nginx
There was a problem trying to setup SSL for your site
Please help me to solve this issue…
Thanks and Regards.
The ANSWER SECTION is missing… you have a server that is responsible, but is missing the required entry… make sure your DNS server resolves the domain.
You should get something like
; <<>> DiG 9.11.5-P1-1ubuntu2.5-Ubuntu <<>> discuss.frappe.io
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45608
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;discuss.frappe.io. IN A
;; ANSWER SECTION:
discuss.frappe.io. 300 IN A 178.62.129.225
;; Query time: 29 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mi Sep 25 12:10:42 CEST 2019
;; MSG SIZE rcvd: 64
You have to make sure that there is a DNS name entry for foo.bar (can be A or CNAME) that points to either your IP or a linked hostname. This depends on your DNS server. In case you are running your own server and use bind9, you will need to have something like
foo.bar. IN A 11.22.33.44
In case you have a hosting provider for the DNS server, they normally have a web portal to configure this. They might also offer direct support.
So they type of DNS server you use is essential to solving this…