I have confirmed that the content for the TXT record that certbot prompted me to attach is indeed attached and indeed the same text.
My domain is: knine.club, *.knine.club
I ran this command:
/certbot-auto certonly --manual --preferred-challenges=dns --email emile@nobal.ca --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d *.knine.club -d knine.club
It produced this output:
The following errors were reported by the server:
Domain: knine.club
Type: unauthorized
Detail: Incorrect TXT record
“lek1Ww22hgLyh6JYKf-U1n-m-ELrMUkCAHsaY0XVSZ4” found at
_acme-challenge.knine.club
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version):
Apache/2.4.10
The operating system my web server runs on is (include version):
Docker
My hosting provider, if applicable, is:
Hosted on AWS; DNS provider is Google.
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
None
Thanks for your reply, perhaps I’m confused about how to use this command. There is only one domain name .knine.club with a wildcard A record. It seems like I need to run the command again against the A record alone, is this right?
is good. Because the wildcard-certificate *.knine.club doesn't work with the domain knine.club, so it's standard to have one wildcard certificate with these two domain names.
But you have to create two DNS TXT entries with the same name
_acme-challenge.knine.club
and two different values. But there is only one entry, not two.
Hi @JuergenAuer
Thanks to your help I was able to get the wildcard subdomain set up, much appreciated!
I now need to get the base domain secured as well. My question is, can I run the above command against knine.club and substitute the given value for the one that is currently in the TXT record?
My provider (Google) seems to disallow multiple TXT records with the same host.
Unfortunately I’m doing this by proxy through my boss so I just have to take his word for it.
I was, however, able to get a cert issued in this manner, by running the command twice against each domain and swapping out the TXT content accordingly.
Your boss needs to press the “+” (plus) button you can see on the below screenshot, to have multiple TXT values on one row (after first going into “Edit” mode).
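The check below is an added example, not part of the original thread and not certbot's own code: it shows why `*.knine.club` and `knine.club` both validate against `_acme-challenge.knine.club`, and reports which of the prompted values is still missing before you let certbot continue. The function names and the sample TXT values are constructed for illustration; the published input is assumed to be the output of `dig +short TXT` for the name.

```python
import shlex
from collections import defaultdict


def challenge_name(identifier: str) -> str:
    """DNS-01 validation name; a leading wildcard label is dropped (RFC 8555, 8.4)."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return "_acme-challenge." + base.rstrip(".").lower()


def parse_dig_txt(output: str) -> set:
    """Parse `dig +short TXT` output: one record per line, as quoted strings."""
    values = set()
    for line in output.splitlines():
        line = line.strip()
        if line:
            # One TXT record may be split into several quoted strings; join them.
            values.add("".join(shlex.split(line)))
    return values


def missing_values(expected: dict, published: dict) -> dict:
    """expected: identifier -> value certbot prompted for.
    published: validation name -> raw `dig +short TXT` output.
    Returns validation name -> sorted values not yet visible in DNS."""
    wanted = defaultdict(set)
    for identifier, value in expected.items():
        wanted[challenge_name(identifier)].add(value)
    gaps = {}
    for name, values in wanted.items():
        absent = values - parse_dig_txt(published.get(name, ""))
        if absent:
            gaps[name] = sorted(absent)
    return gaps


# Constructed sample values, standing in for the two strings certbot prints.
EXPECTED = {"*.knine.club": "constructed-value-A", "knine.club": "constructed-value-B"}
NAME = "_acme-challenge.knine.club"
ONE_VALUE = '"constructed-value-A"\n'                          # the situation in this thread
BOTH_VALUES = '"constructed-value-A"\n"constructed-value-B"\n'  # what the CA needs to see

if __name__ == "__main__":
    print("one value published :", missing_values(EXPECTED, {NAME: ONE_VALUE}))
    print("both values published:", missing_values(EXPECTED, {NAME: BOTH_VALUES}))
```

An empty result means every value certbot asked for is visible under the shared name; anything else is the value whose authorization would fail with "Incorrect TXT record".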