Cannot create wildcard certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
05plus.ru
I ran this command:

certbot certonly -d 05plus.ru -d *.05plus.ru --preferred-challenges dns --manual

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for 05plus.ru
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: (Y)es/(N)o: y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.05plus.ru with the following value:

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Before continuing, verify the record is deployed.

My web server is (include version):
Apache 2.0 + PHP 7.0
The operating system my web server runs on is (include version):
Ubuntu 16.04 Server
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
1.7.0

my command:

certbot certonly -d 05plus.ru -d *.05plus.ru --preferred-challenges dns --manual

should it have produced this output

...
dns-01 challenge for 05plus.ru
dns-01 challenge for *.05plus.ru
...

right?

I tried the command:

certbot certonly -d *.05plus.ru --preferred-challenges dns --manual

It produced this output

...
dns-01 challenge for 05plus.ru
...

before that I was able to get a certificate for plus.ooo

how do I make the DNS TXT record not change?

Welcome to the Let’s Encrypt Community 🙂

Yes, but in between those two output lines, you'll see the part about deploying the _acme-challenge TXT record for the "bare" domain name and after those two lines you'd see another part about deploying a second TXT record. You'll need to add both to your DNS zone.

Also, it's a good idea to put the wildcard hostname on the command line between quotes (") because otherwise bash can expand the asterisk, as it's a special character for bash. I.e., put -d "*.05plus.ru" on the command line instead of -d *.05plus.ru.

before that I was able to get a certificate for plus.ooo
my command:

certbot certonly -d plus.ooo -d *.plus.ooo --preferred-challenges dns --manual

It produced this output

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for plus.ooo
dns-01 challenge for *.plus.ooo


NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?


(Y)es/(N)o: (Y)es/(N)o: y


Please deploy a DNS TXT record under the name
_acme-challenge.05plus.ru with the following value:

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Before continuing, verify the record is deployed.
...
Please deploy a DNS TXT record under the name
_acme-challenge.05plus.ru with the following value:

YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY

but for 05plus.ru it does not give
dns-01 challenge for *.05plus.ru

before that I created a certificate for 02plus.ru
my command:

certbot certonly -d 02plus.ru -d *.02plus.ru --preferred-challenges dns --manual

It produced this output

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for 02plus.ru


NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?


(Y)es/(N)o: (Y)es/(N)o: y


Please deploy a DNS TXT record under the name
_acme-challenge.02plus.ru with the following value:

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Before continuing, verify the record is deployed.

for 02plus.ru there was no wildcard

Have you tried my advice about the quotes I said above?

I tried again:

certbot certonly -d 05plus.ru -d *.05plus.ru --preferred-challenges dns --manual

It produced this output

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for 05plus.ru

NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you’re running certbot in manual mode on a machine that is not
your server, please ensure you’re okay with that.

Are you OK with your IP being logged?

(Y)es/(N)o: (Y)es/(N)o: y

Please deploy a DNS TXT record under the name
_acme-challenge.05plus.ru with the following value:

V5AWXO0s2RFQrRk43UE3PvY2KNDmtB5GKV1Y5gDuiX0

Before continuing, verify the record is deployed.

host -t txt _acme-challenge.05plus.ru
_acme-challenge.05plus.ru descriptive txt "XCwzkavtYifYtn4kf_FA2IRhBME0eE2Ren0NOk4gUSs"

Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    ...

it did not require a second DNS TXT entry
before that, plus.ooo asked for two DNS TXT records to be set up

I'm still not seeing any quotes around your wildcard hostname…

worked without quotes

If bash doesn't have anything to expand with the asterisk, then it will work without quotes too, indeed. But as a rule of thumb, when using asterisks when you want them to be the literal asterisk character in bash, it's best to use quotes. That way, bash won't expand it if there are files ending in 05plus.ru in the directory you're running the command from.
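The two points made in the replies above, quoting the wildcard so the shell does not expand it and publishing both challenge tokens under the one _acme-challenge name, as an added shell example that is not from the original thread or from certbot. The scratch directory, the file name www.05plus.ru and the X/Y token values are constructed for the demonstration; the tokens_present check takes the text that dig +short TXT would print, so it does not contact DNS here.

```shell
#!/bin/sh
# Added example, not from the original thread. It demonstrates two things
# discussed above: (1) an unquoted -d *.05plus.ru is subject to filename
# expansion by the shell before certbot ever sees it, and (2) a bare-plus-
# wildcard order needs BOTH challenge tokens present under the one
# _acme-challenge name. All file names and token values below are made up.

# Echo the arguments a program such as certbot would actually receive,
# one per line, after the shell has processed the command line.
show_args() {
    printf '%s\n' "$@"
}

# Scratch directory containing a file whose name matches *.05plus.ru,
# standing in for a stray config or certificate file in the working directory.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
touch "$demo_dir/www.05plus.ru"

# Second argument certbot receives when the wildcard is unquoted and a
# matching file exists: the glob is replaced by that file name.
unquoted_arg() {
    ( cd "$demo_dir" && show_args -d *.05plus.ru | sed -n '2p' )
}

# Same command with the wildcard quoted: the literal *.05plus.ru survives.
quoted_arg() {
    ( cd "$demo_dir" && show_args -d "*.05plus.ru" | sed -n '2p' )
}

# With no matching file the shell leaves an unquoted glob untouched, which is
# why the unquoted form can appear to work until a matching file shows up.
unquoted_arg_no_match() {
    empty_dir=$(mktemp -d)
    ( cd "$empty_dir" && show_args -d *.05plus.ru | sed -n '2p' )
    rmdir "$empty_dir"
}

# Constructed tokens, in the style of the placeholders certbot printed above,
# and a constructed stand-in for the output of
#   dig +short TXT _acme-challenge.05plus.ru
# after both records are published: one quoted string per challenge.
TOK_BARE='XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
TOK_WILD='YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY'
SAMPLE_ANSWER="\"$TOK_BARE\"
\"$TOK_WILD\""

# Succeed only if every token given after the answer appears as a complete
# quoted TXT string in that answer; a missing one means the zone is not yet
# ready for a bare+wildcard validation, and certbot should not be continued.
tokens_present() {
    answer=$1
    shift
    for tok in "$@"; do
        printf '%s\n' "$answer" | grep -qxF -- "\"$tok\"" || return 1
    done
    return 0
}

# Stand-alone run: show what each check found.
printf 'unquoted, matching file present : %s\n' "$(unquoted_arg)"
printf 'quoted,   matching file present : %s\n' "$(quoted_arg)"
printf 'unquoted, no matching file      : %s\n' "$(unquoted_arg_no_match)"
if tokens_present "$SAMPLE_ANSWER" "$TOK_BARE" "$TOK_WILD"; then
    echo 'both challenge tokens are published'
fi
```

To use the deployment check against a real zone, feed it the live answer, for example tokens_present "$(dig +short TXT _acme-challenge.05plus.ru @ns1.example)" with the two values certbot printed, and only press Enter in certbot once it succeeds; querying the authoritative server by name sidesteps stale resolver caches.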
