_acme-challenge

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: babyroberts.com.mx

I ran this command:
certbot
It produced this output:
Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.
My web server is (include version):
Virtualmin
The operating system my web server runs on is (include version):
Ubuntu 20.04
My hosting provider, if applicable, is:
freemyorderbox.com
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Virtualmin
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.21.0

Is this all? There's nothing after the dot?

4 Likes

You appear to be trying to use DNS validation instead of HTTP validation. Your domain DNS is hosted on hostgator.br and I'm not aware of a certbot DNS plugin for that. Are you trying to use a Manual DNS update?

2 Likes

Hi 9peppe! Yes, in the error my domain appears after the dot, and I want to understand: a TXT record is necessary... but... I don't have a token or value for the TXT record... where can I get it?

If you run certbot and choose DNS-01 authentication, it will show you the TXT record you need to add to your DNS zone.

[you may have to include "--manual"]

2 Likes

Thanks for your response @webprofusion. I am using Virtualmin, and I installed Let's Encrypt there; in fact I have always worked this way, without any problem... Yes, the domain is hosted on HostGator. The error shows I have to add a TXT record, but I don't have a token or value for that TXT record... how can I get it?

2 Likes

@rg305 Perfect, my friend... I've got the value... I'm going to add the TXT record now and get back to you! Thanks a lot.

2 Likes

That should include an acme client, I don't know if it's going to be certbot.

1 Like

So what changed that you now need to provide a TXT record? There are two main ways to validate your domain for certificate renewal: HTTP and DNS.

HTTP domain validation is the most common, and it involves the certificate authority (Let's Encrypt) checking your domain using HTTP, which your server responds to with a special challenge response. Most systems use this.

Alternatively, DNS validation involves updating an _acme-challenge TXT record for each domain or subdomain you want to include on your certificate; this usually requires that your DNS provider has an API to allow this value to be automatically created or updated.

2 Likes

Perfect, I understand now. Maybe months ago I didn't know about the notifications because the admin email account was the system's... I've created the record; I'm only waiting for the propagation time... I'll get back to you soon.

You only have to wait for your primary nameservers to update, usually that's a few seconds or less than 5 minutes. I can see the record now using dig _acme-challenge.babyroberts.com.mx -t TXT

2 Likes

@webprofusion
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate for babyroberts.com.mx and *.babyroberts.com.mx

Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
Domain: babyroberts.com.mx
Type: unauthorized
Detail: Incorrect TXT record "movEcgJXZxMIyeaI2k3NzdImFd-RvAGI_FPAXKSOwms" found at _acme-challenge.babyroberts.com.mx

Hint: The Certificate Authority failed to verify the DNS TXT records created by the --manual-auth-hook. Ensure that this hook is functioning correctly and that it waits a sufficient duration of time for DNS propagation. Refer to "certbot --help manual" and the Certbot User Guide.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

From the console (certbot certonly --manual) I typed the domain name beginning with an asterisk (wildcard)... and the platform shows the next message:
An unexpected error occurred:
There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see Failed Validation Limit - Let's Encrypt

When you are requesting a wildcard certificate covering *.domain.com and domain.com that actually counts as two validations (yes, it's confusing) and so you need two TXT record values. You have also now hit a failed validation rate limit but if you repeat your request in a few hours and update the TXT record again it should pass. This is because your previous validation for the other name on the certificate will already be valid.

The benefit of using an automated DNS update instead of trying to do it manually is that most automated solutions know how to populate the TXT record with multiple values (or perform the validation sequentially) to allow for such wildcard requests.

2 Likes
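The check described in the replies above (two TXT values for a wildcard plus apex request, both visible on the authoritative nameservers before validation continues), as an added example that is not part of the original thread. The function names and the sample values are constructed for illustration; only `dig +short NS` and `dig +short TXT` are real commands.

```shell
#!/usr/bin/env bash
# Added example: confirm every expected _acme-challenge TXT value is published
# before letting a manual DNS-01 validation continue.

# Normalise `dig +short TXT` output: one value per line, outer quotes removed.
normalize_txt() {
    sed -e 's/^"//' -e 's/"$//' -e '/^$/d'
}

# Print each expected value that is absent from the answers (exact match).
# $1 = raw dig output, remaining args = expected TXT values.
missing_values() {
    local answers expected
    answers=$(printf '%s\n' "$1" | normalize_txt)
    shift
    for expected in "$@"; do
        # "--" matters: base64url challenge values may start with "-".
        printf '%s\n' "$answers" | grep -qxF -- "$expected" || printf '%s\n' "$expected"
    done
    return 0
}

# Live check (needs network and dig): ask every authoritative nameserver of
# the zone, because the CA validates against those, not a local resolver cache.
# $1 = zone, remaining args = expected TXT values. Returns 0 only if all match.
check_authoritative() {
    local zone=$1 ns missing status=0 seen=0
    shift
    for ns in $(dig +short NS "$zone"); do
        seen=1
        missing=$(missing_values "$(dig +short TXT "_acme-challenge.$zone" "@$ns")" "$@")
        if [ -n "$missing" ]; then
            printf '%s is missing:\n%s\n' "$ns" "$missing" >&2
            status=1
        fi
    done
    # No nameservers found means nothing was verified: treat as failure.
    [ "$seen" -eq 1 ] || status=1
    return "$status"
}

# Constructed samples: dig output with one of two values published, then both.
SAMPLE_ONE='"constructed-value-for-apex-AAAA"'
SAMPLE_BOTH='"constructed-value-for-apex-AAAA"
"constructed-value-for-wildcard-BBBB"'
```

Run `check_authoritative` with the zone and both values certbot printed, and press Enter in certbot only once it returns 0.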

@webprofusion Perfect, my friend... I will study certbot more to make it work best. Then I'm going to wait more time; I will generate a new value and configure it. Thanks.

2 Likes


Solved. Well, I was handling the certificate request badly; I only had to wait a few minutes before the shell instruction: Press any key to continue. After certbot certonly --manual and configuring the DNS TXT record, the problem was solved. Thanks a lot.

3 Likes
