Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: *.myclub.se
I ran this command:
~/.acme.sh/acme.sh --renew -d '*.myclub.se' --force --dnssleep 120 --reloadcmd "/usr/local/bin/deploy-wildcard-cert.sh"
It produced this output:
200
2025-11-09T19:11:23+01:00
OK
3827449
myclub.se
_acme-challenge
TXT
ZP9pQfNYTBbvKYz96rq4aLoPC7ZCsUlMBZmItgW5BBA
300
myclub.se
TXT
_acme-challenge
ZP9pQfNYTBbvKYz96rq4aLoPC7ZCsUlMBZmItgW5BBA
300
cl22119
12278
[Sun Nov 9 19:11:23 CET 2025] The TXT record has been successfully added.
[Sun Nov 9 19:11:45 CET 2025] status='pending'
[Sun Nov 9 19:11:45 CET 2025] Pending. The CA is processing your order, please wait. (1/30)
[Sun Nov 9 19:11:45 CET 2025] Sleep 2 seconds before verifying again
[Sun Nov 9 19:11:48 CET 2025] Checking
[Sun Nov 9 19:11:48 CET 2025] =======Sending Signed Request=======
[Sun Nov 9 19:11:48 CET 2025] url='https://acme-v02.api.letsencrypt.org/acme/authz/2426880467/610348973526'
[Sun Nov 9 19:11:48 CET 2025] payload
[Sun Nov 9 19:11:48 CET 2025] Use cached jwk for file: /home/deployer/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
[Sun Nov 9 19:11:48 CET 2025] Use _CACHED_NONCE='9cWC3FLMSZRahTkWqTyE2ysL3jqgyewmiFd_hp6kWx0NpgerktM'
[Sun Nov 9 19:11:48 CET 2025] nonce='9cWC3FLMSZRahTkWqTyE2ysL3jqgyewmiFd_hp6kWx0NpgerktM'
[Sun Nov 9 19:11:48 CET 2025] POST
[Sun Nov 9 19:11:48 CET 2025] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz/2426880467/610348973526'
[Sun Nov 9 19:11:48 CET 2025] body='{"protected": "eyJub25jZSI6ICI5Y1dDM0ZMTVNaUmFoVGtXcVR5RTJ5c0wzanFneWV3bWlGZF9ocDZrV3gwTnBnZXJrdE0iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzI0MjY4ODA0NjcvNjEwMzQ4OTczNTI2IiwgImFsZyI6ICJFUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8yNDI2ODgwNDY3In0", "payload": "", "signature": "wRLU2EjRZ2no3t99TJ3RYhcjEXi6DznlbiFnkswNzdP1Sr5E-bPcJUDvaVmOXAxTVPCInnSQMOfopvA3NQMeYQ"}'
[Sun Nov 9 19:11:48 CET 2025] _postContentType='application/jose+json'
[Sun Nov 9 19:11:48 CET 2025] Http already initialized.
[Sun Nov 9 19:11:48 CET 2025] _CURL='curl --silent --dump-header /home/deployer/.acme.sh/http.header -L --trace-ascii /tmp/tmp.nKtxL5xIKw -g '
[Sun Nov 9 19:11:49 CET 2025] _ret='0'
[Sun Nov 9 19:11:49 CET 2025] responseHeaders='HTTP/2 200
server: nginx
date: Sun, 09 Nov 2025 18:11:49 GMT
content-type: application/json
content-length: 611
boulder-requester: 2426880467
cache-control: public, max-age=0, no-cache
link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
replay-nonce: dWyNfKdNjq1rcbW1o9ttSBYCNoEV4cZCi70-fF6d5sqYwW0EpIM
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Sun Nov 9 19:11:49 CET 2025] code='200'
[Sun Nov 9 19:11:49 CET 2025] original='{
"identifier": {
"type": "dns",
"value": "myclub.se"
},
"status": "invalid",
"expires": "2025-11-16T18:11:21Z",
"challenges": [
{
"type": "dns-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/2426880467/610348973526/LvqNng",
"status": "invalid",
"validated": "2025-11-09T18:11:45Z",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "No TXT record found at _acme-challenge.myclub.se",
"status": 403
},
"token": "ldHqjMFqUzmZlgRlAggeYCCFGwzBIXBMjfQe9fjrQJQ"
}
],
"wildcard": true
}'
[Sun Nov 9 19:11:49 CET 2025] response='{"identifier":{"type":"dns","value":"myclub.se"},"status":"invalid","expires":"2025-11-16T18:11:21Z","challenges":[{"type":"dns-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall/2426880467/610348973526/LvqNng","status":"invalid","validated":"2025-11-09T18:11:45Z","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"No TXT record found at _acme-challenge.myclub.se","status": 403},"token":"ldHqjMFqUzmZlgRlAggeYCCFGwzBIXBMjfQe9fjrQJQ"}],"wildcard": true}'
My web server is (include version):
Apache/2.4.29
The operating system my web server runs on is (include version):
Ubuntu 18.04 LTS
My hosting provider, if applicable, is:
AWS
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.27.0
The main problem that I am having is that the TXT entry is present in the DNS (I have confirmed this with dig) but Let's Encrypt doesn't see it?
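Added example (not part of the original post and not acme.sh's own code): a small Python parser for acme.sh debug log lines like the ones above. For each invalid dns-01 challenge it reports the CA's error and how many seconds passed between the "TXT record has been successfully added" line and the challenge's `validated` timestamp, compared with the `--dnssleep` value. The sample log is constructed by abridging lines from the post; the function names and the CET/CEST offset table are assumptions.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: three lines abridged from the log in the post above.
SAMPLE_LOG = """\
[Sun Nov 9 19:11:23 CET 2025] The TXT record has been successfully added.
[Sun Nov 9 19:11:45 CET 2025] status='pending'
[Sun Nov 9 19:11:49 CET 2025] response='{"identifier":{"type":"dns","value":"myclub.se"},"status":"invalid","challenges":[{"type":"dns-01","status":"invalid","validated":"2025-11-09T18:11:45Z","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"No TXT record found at _acme-challenge.myclub.se","status": 403}}],"wildcard": true}'
"""

# Assumption: only the zone abbreviations listed here occur in the log.
TZ_OFFSETS = {"UTC": 0, "CET": 1, "CEST": 2}
STAMP = re.compile(r"^\[\w{3} (\w{3}) +(\d+) (\d\d:\d\d:\d\d) (\w+) (\d{4})\] (.*)$")

def parse_stamp(mon, day, clock, zone, year):
    """Convert an acme.sh log timestamp to an aware UTC datetime."""
    local = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
    tz = timezone(timedelta(hours=TZ_OFFSETS[zone]))
    return local.replace(tzinfo=tz).astimezone(timezone.utc)

def analyze(log_text, dnssleep):
    """List invalid challenges with the seconds between TXT add and CA validation."""
    added, findings = None, []
    for line in log_text.splitlines():
        m = STAMP.match(line)
        if not m:
            continue  # header lines and multi-line JSON bodies carry no timestamp
        *stamp, msg = m.groups()
        if "TXT record has been successfully added" in msg:
            added = parse_stamp(*stamp)
        elif msg.startswith("response='{") and msg.endswith("}'"):
            authz = json.loads(msg[len("response='"):-1])
            for ch in authz.get("challenges", []):
                if ch.get("status") != "invalid" or added is None:
                    continue
                validated = datetime.fromisoformat(ch["validated"].replace("Z", "+00:00"))
                waited = int((validated - added).total_seconds())
                findings.append({
                    "identifier": authz["identifier"]["value"],
                    "detail": ch["error"]["detail"],
                    "waited_s": waited,
                    "shorter_than_dnssleep": waited < dnssleep,
                })
    return findings

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG, dnssleep=120):
        print(f)
```

On the sample lines the validation timestamp falls 22 seconds after the record was added, which is the figure to compare against the `--dnssleep 120` on the command line and the 300-second TTL shown in the provider output.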