Can't generate my Wildcard Certificate by DNS-01 challenge

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: fs1servers.ru

I ran this command: ./certbot-auto certonly --manual --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory

It produced this output:
Challenge failed for domain fs1servers.ru
dns-01 challenge for fs1servers.ru
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: fs1servers.ru
    Type: unauthorized
    Detail: Incorrect TXT record
    “OcTk21wyPfuM6_KPok4lBAgtmgtwn7_T6CYEMsHU3NE” (and 1 more) found at
    _acme-challenge.fs1servers.ru

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.
    root@abromarina:/etc/certbot# ./certbot-auto certonly --manual --preferred-challenges dns-01 --server
    https://acme-v02.api.letsencrypt.org/directory
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator manual, Installer None
    Please enter in your domain name(s) (comma and/or space separated) (Enter ‘c’
    to cancel): *.fs1servers.ru fs1servers.ru
    Cert is due for renewal, auto-renewing…
    Renewing an existing certificate
    Performing the following challenges:
    dns-01 challenge for fs1servers.ru

My web server is (include version): Apache Lounge 2.4

The operating system my web server runs on is (include version): Windows Server 2016 Standard

My hosting provider, if applicable, is: Rostelecom

I can login to a root shell on my machine (yes or no, or I don’t know): yes (of course)

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): none

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): CertBot 0.40.1

#############
I haven’t been able to generate my certificates for 2 days already.

“nslookup -q=TXT _acme-challenge.fs1servers.ru 8.8.8.8” shows me the right information, but certbot says “NOT”! Why???

Hi @abromarina

Checking your domain, there is a new Let's Encrypt certificate - https://check-your-website.server-daten.de/?q=fs1servers.ru#ct-logs

| Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|
| Let's Encrypt Authority X3 | 2019-11-19 | 2020-02-17 | *.fs1servers.ru, fs1servers.ru - 2 entries | duplicate nr. 1 | |
| Let's Encrypt Authority X3 | 2019-09-17 | 2019-12-16 | *.fs1servers.ru, fs1servers.ru - 2 entries | | |

And you use it:

CN=*.fs1servers.ru | 19.11.2019 | 17.02.2020 | expires in 90 days | *.fs1servers.ru, fs1servers.ru - 2 entries

Looks like you have found a solution.

But one of your TXT entries is wrong:

The first entry is good. The second is too long.
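
A pre-flight check for the TXT records discussed above, as an added example that is not part of the original posts or of Certbot. It compares what is published at `_acme-challenge.<domain>` with the values the client displayed and flags any record that is not a 43-character base64url string; the function names, token and thumbprint strings are constructed for illustration.

```python
import base64
import hashlib
import re

# A dns-01 TXT value is base64url(SHA-256(key authorization)) without padding;
# a 32-byte digest always encodes to exactly 43 characters (RFC 8555, 8.4).
TXT_RE = re.compile(r"[A-Za-z0-9_-]{43}")


def dns01_txt_value(token, account_thumbprint):
    """TXT value the CA expects for one challenge token."""
    key_authorization = f"{token}.{account_thumbprint}".encode("ascii")
    digest = hashlib.sha256(key_authorization).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def check_rrset(found, expected):
    """Compare TXT values published at _acme-challenge.<domain> with the
    values the client displayed. Returns (malformed, missing, stale)."""
    # nslookup/dig print TXT data in double quotes; strip them and whitespace.
    seen = [v.strip().strip('"') for v in found]
    malformed = [v for v in seen if not TXT_RE.fullmatch(v)]
    missing = [v for v in expected if v not in seen]
    stale = [v for v in seen if TXT_RE.fullmatch(v) and v not in expected]
    return malformed, missing, stale


def ready_to_validate(found, expected):
    """Validation needs every expected value present; extra records are
    tolerated by the CA, but a malformed one usually marks a paste error."""
    return not check_rrset(found, expected)[1]


# Constructed sample: one account, two tokens, because *.example.com and
# example.com are both validated at _acme-challenge.example.com.
THUMBPRINT = "constructed-account-thumbprint"
EXPECTED = [dns01_txt_value("constructed-token-base", THUMBPRINT),
            dns01_txt_value("constructed-token-wildcard", THUMBPRINT)]
# Second record pasted with trailing characters, so it is too long.
BROKEN = [f'"{EXPECTED[0]}"', f'"{EXPECTED[1]}xyz"']

if __name__ == "__main__":
    malformed, missing, stale = check_rrset(BROKEN, EXPECTED)
    print("malformed:", malformed)
    print("missing:  ", missing)
    print("ready:    ", ready_to_validate(BROKEN, EXPECTED))
```

Run it against the answers from the zone's authoritative name servers before continuing in the client, since a public resolver may still serve a cached older record set.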

It’s just luck) I’ve just tried too many times and it’s OK. But it’s not good that I have to try so many times to get my certificate. Maybe you know how to get it in fewer tries?

The DNS challenge is good if your DNS provider has an API and if there is an ACME client with API support.

So the main question: does your DNS provider support an API?

acme.sh has a lot of dns options.
