I am running dehydrated shell script and using duckdns to manage the update to the txt record for my domain thompson.org.za, I have a cname record for _acme-challenge.thompson.org.za pointing to duckdns and this works fine.
I am trying to replicate the same setup with another domain layer7.co.za but using nginx proxy manager which I see has duckdns built in.
If I request a certificate using the duckdns hostname this works fine how ever when I try to request a certificate for *.layer7.co.za using dns01 authentication I get thrown an error:
Error: Command failed: certbot certonly --non-interactive --cert-name "npm-6" --agree-tos --email "admin@layer7.co.za" --domains "*.layer7.co.za" --authenticator dns-duckdns --dns-duckdns-credentials "/etc/letsencrypt/credentials/credentials-6"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Encountered exception during recovery: certbot.errors.PluginError
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
at ChildProcess.exithandler (node:child_process:326:12)
at ChildProcess.emit (node:events:369:20)
at maybeClose (node:internal/child_process:1067:16)
at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5)
Looking in to the logs I see that it seems to be failing on a regex lookup for root domain from certbot.
2021-08-06 11:37:03,378:DEBUG:acme.client:Storing nonce:
2021-08-06 11:37:03,379:INFO:certbot._internal.auth_handler:Performing the following challenges:
2021-08-06 11:37:03,379:INFO:certbot._internal.auth_handler:dns-01 challenge for meetings.layer7.co.za
2021-08-06 11:37:03,380:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/opt/certbot/lib/python3.7/site-packages/certbot_dns_duckdns/cert/client.py", line 70, in _perform
self._get_duckdns_client().set_txt_record(domain, validation)
File "/opt/certbot/lib/python3.7/site-packages/certbot_dns_duckdns/duckdns/client.py", line 47, in set_txt_record
root_domain = self.__get_validated_root_domain__(domain)
File "/opt/certbot/lib/python3.7/site-packages/certbot_dns_duckdns/duckdns/client.py", line 66, in __get_validated_root_domain__
assert VALID_DUCKDNS_DOMAIN_REGEX.match(root_domain)
AssertionError
Is this the intended behavior or am I missing something ?