[qua 20 abr 2022 18:30:54 -03] Using CA: https://acme-v02.api.letsencrypt.org/directory
[qua 20 abr 2022 18:30:54 -03] Single domain='*.higenku.org'
[qua 20 abr 2022 18:30:54 -03] Getting domain auth token for each domain
[qua 20 abr 2022 18:30:56 -03] Getting webroot for domain='*.higenku.org'
[qua 20 abr 2022 18:30:56 -03] Add the following TXT record:
[qua 20 abr 2022 18:30:56 -03] Domain: '_acme-challenge.higenku.org'
[qua 20 abr 2022 18:30:56 -03] TXT value: 'DxAWNViga7DAbOEyAYEkS2rdnCVsza2xq5ZilUd9pQ4'
[qua 20 abr 2022 18:30:56 -03] Please be aware that you prepend _acme-challenge. before your domain
[qua 20 abr 2022 18:30:56 -03] so the resulting subdomain will be: _acme-challenge.higenku.org
[qua 20 abr 2022 18:30:56 -03] Please add the TXT records to the domains, and re-run with --renew.
[qua 20 abr 2022 18:30:56 -03] Please add '--debug' or '--log' to check more details.
[qua 20 abr 2022 18:30:56 -03] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
My web server is (include version):
Not Important
The operating system my web server runs on is (include version):
Linux
My hosting provider, if applicable, is:
Myself
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Question:
Hello there, I want to know how to calculate the TXT record that a domain should have to generate the certificates. I tried base64, base32, SHA1, SHA256 but none of those seems to work...
The value is not a deterministic representation of your domain name, but rather a random value that was chosen by the Let's Encrypt certificate authority and delivered over its API (when acme.sh connected to that API to request a certificate). The value is different every time (for some notions of "every time"); you can't calculate it yourself without using the Let's Encrypt API.
It is used to prove that the person (or device) requesting a certificate really controls the domain name. For instance, I could request a certificate for your domain, but Let's Encrypt would give me a different random value from the one it gives you, and I wouldn't have any way of getting your site to serve the random value that was given to me, because I have no access to your site. That distinguishes you (the legitimate operator of that site) from me (a stranger).
If that were possible, it would likely always be the same number and wouldn't be very secure - especially for DNS certificates!
Everyone requesting a DNS cert from your domain would automatically be authorized once you put the "right" TXT record in place.