ACME challenge failed despite having correct TXT value


I have confirmed that the content for the TXT record that certbot prompted me to attach is indeed attached and indeed the same text.

My domain is:, *

I ran this command:
/certbot-auto certonly --manual --preferred-challenges=dns --email --server --agree-tos -d * -d

It produced this output:

  • The following errors were reported by the server:

    Type: unauthorized
    Detail: Incorrect TXT record
    “lek1Ww22hgLyh6JYKf-U1n-m-ELrMUkCAHsaY0XVSZ4” found at

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
Hosted on AWS; DNS provider is Google.
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


Certbot will have prompted you to create 2 separate (two) TXT records. You only have one.


Hi @emile

you want one certificate with two domain names. So you have to create two dns txt entries with the same name and different values. But

| Domainname | TXT Entry | Status | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|
| | | ok | 1 | 0 |
| | | ok | 1 | 0 |
| | lek1Ww22hgLyh6JYKf-U1n-m-ELrMUkCAHsaY0XVSZ4 | looks good | 1 | 0 |

I see only one entry, not two.


Thanks for your reply, perhaps I’m confused about how to use this command. There is only one domain name with a wildcard A record. It seems like I need to run the command again against the A record alone, is this right?


Your command

-d * -d

is good. Because the wildcard-certificate * doesn’t work with the domain, so it’s standard to have one wildcard certificate with these two domain names.

But you have to create two dns txt entries with the same name

and two different values. But there is only one entry, not two.


ok, i understand. How can I get another value to add for the second TXT record? only one is provided by certbot.


Certbot should show you two different txt values.


Certbot just gives me this.

Please deploy a DNS TXT record under the name with the following value:


Before continuing, verify the record is deployed.


There must be a second value if you use

-d * -d

as domains. Try it again.


Sorry my last reply is incorrect
it has provided a second value.


Hi @JuergenAuer
Thanks to your help I was able to get the wildcard subdomain set up, much appreciated!
I now need to get the base domain secured as well. My question is, can I run the above command against and substitute the given value for the one that is currently in the TXT record?
My provider (google) seems to disallow multiple TXT records with the same host.


This is highly unlikely. You may just have to add multiple values to the same record. Can you post a screenshot of the interface you’re using?


unfortunately I’m doing this by proxy through my boss so I just have to take his word for it.
I was, however, able to get a cert issued in this manner, by running the command twice against each domain and swapping out the TXT content accordingly.


Your boss needs to press the “+” (plus) button you can see on the below screenshot, to have multiple TXT values on one row (after first going into “Edit” mode).


Two separate DNS challenges
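The point made in the replies above, as an added example that is not part of the original thread or of certbot's code: under ACME DNS-01 (RFC 8555) a wildcard name and its base domain are validated at the same `_acme-challenge` record name, each with its own TXT value, so both values must be published together before continuing. The domain, tokens and account-key thumbprint below are constructed placeholders, and `missing_values` is a hypothetical helper.

```python
import base64
import hashlib

def validation_name(identifier: str) -> str:
    """Record name checked for DNS-01; a leading "*." is dropped (RFC 8555)."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return "_acme-challenge." + base.rstrip(".").lower()

def txt_value(token: str, thumbprint: str) -> str:
    """base64url(SHA-256(token "." account-key thumbprint)), without padding."""
    digest = hashlib.sha256(f"{token}.{thumbprint}".encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def missing_values(expected: dict, published: dict) -> dict:
    """Return {identifier: (record name, value)} for values not yet published.

    expected:  {identifier: TXT value the CA will look for}
    published: {record name: set of TXT strings currently served}
    """
    missing = {}
    for identifier, value in expected.items():
        name = validation_name(identifier)
        if value not in published.get(name, set()):
            missing[identifier] = (name, value)
    return missing

# Constructed sample data (not from the thread): tokens, thumbprint and
# domain are made up for illustration.
THUMBPRINT = "constructed-account-key-thumbprint"
EXPECTED = {
    "*.example.com": txt_value("constructed-token-wildcard", THUMBPRINT),
    "example.com": txt_value("constructed-token-base", THUMBPRINT),
}
NAME = validation_name("example.com")

# Only the first value deployed: the situation in the thread.
ONE_VALUE = {NAME: {EXPECTED["*.example.com"]}}
# Both values on the same record name: what the CA needs to see.
TWO_VALUES = {NAME: set(EXPECTED.values())}

if __name__ == "__main__":
    for label, zone in (("one value", ONE_VALUE), ("two values", TWO_VALUES)):
        result = missing_values(EXPECTED, zone)
        print(label, "->", result or "all challenges satisfiable")
```

In practice the `published` sets would be filled from a TXT lookup against the zone's authoritative name servers before pressing Enter in certbot.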
