While trying to issue a wildcard certificate to a domain, using DNS-RFC2136 (BIND) plugin in a “certonly” request, certbot registers two TXT _acme-challenge entries on my DNS server, and none matches the ACME challenge expected by the server. Therefore it fails verification.
This is happening with both the dns-rfc2136 plugin and a manual hook I’ve been happily using for the past 2+ years. My original certbot was an ancient 0.38 version, which was updated to 1.3.0 as part of a troubleshooting session.
The “certupdate” command is just a wrapper script that does a few things prior and after the certificate is issued.
It is my understanding that wildcard certificates are only issued if requested with a DNS challenge, so the HTTP-based options are a no-go for me. Any advice around this DNS challenge is welcome.
Certbot command - certbot.log.txt (218 Bytes)
CLI output - certbot_cli.log.txt (1.1 KB)
BIND logging DDNS output - named_ddns.log.txt (1.4 KB)
BIND logging zone Xfer output - named_zone_xfer.log.txt (837 Bytes)
letsencrypt.log logfile - letsencrypt.log.txt (30.0 KB)
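An added diagnostic, not part of the original post or of certbot: the TXT value the ACME server looks for is not the raw token but base64url(SHA-256(token "." account-key-thumbprint)) (RFC 8555 section 8.4, RFC 7638), and a request covering both the apex and the wildcard publishes one record per authorization at the same _acme-challenge name. The script recomputes the expected values from constructed sample data (a fake JWK and made-up tokens) and classifies what a zone serves as present, missing, or stale from an earlier run.

```python
import base64
import hashlib
import json

def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME uses everywhere."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the required public members only,
    serialised as compact JSON with lexicographically sorted keys."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           separators=(",", ":"), sort_keys=True)
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def dns01_txt_value(token: str, thumbprint: str) -> str:
    """RFC 8555 section 8.4: the TXT record holds
    base64url(SHA-256(token "." thumbprint)), not the raw token."""
    key_authorization = f"{token}.{thumbprint}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())

def compare_txt_rrset(published, expected):
    """Classify what sits at _acme-challenge.<domain> against what the
    current order needs: present, missing, or stale from an earlier run."""
    published, expected = set(published), set(expected)
    return {"present": sorted(expected & published),
            "missing": sorted(expected - published),
            "stale": sorted(published - expected)}

# Constructed sample data: a fake RSA account JWK (not a real key) and
# two made-up tokens, one for the apex and one for the wildcard name.
SAMPLE_JWK = {"kty": "RSA", "e": "AQAB", "n": "constructed-modulus-not-a-real-key"}
SAMPLE_TOKENS = ["tokenForApex0000000000", "tokenForWildcard000000"]

if __name__ == "__main__":
    thumb = jwk_thumbprint(SAMPLE_JWK)
    expected = [dns01_txt_value(t, thumb) for t in SAMPLE_TOKENS]
    # Constructed RRset: one fresh record plus one left over from a previous run.
    published = [expected[0], "leftover-from-last-week-base64url-value"]
    for kind, values in compare_txt_rrset(published, expected).items():
        print(f"{kind}: {values}")
```

With real data, the token and account key come from letsencrypt.log and the account's regr/private key, and the published set comes from querying the authoritative server with dig TXT _acme-challenge.example.com.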