Can't get to use

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: --log --force --staging --issue -d -d -d * --dns myapi

It produced this output:
[Sun Oct 20 16:10:01 EDT 2019] Using stage ACME_DIRECTORY:
[Sun Oct 20 16:10:01 EDT 2019] Multi domain=‘,,’
[Sun Oct 20 16:10:01 EDT 2019] Getting domain auth token for each domain
[Sun Oct 20 16:10:02 EDT 2019] Getting webroot for domain=‘
[Sun Oct 20 16:10:02 EDT 2019] Getting webroot for domain=‘
[Sun Oct 20 16:10:02 EDT 2019] Getting webroot for domain=’’
[Sun Oct 20 16:10:02 EDT 2019] Error, can not get domain token entry *
[Sun Oct 20 16:10:02 EDT 2019] The supported validation types are: dns-01 , but you specified: http-01

My web server is (include version):
apache 2.4

The operating system my web server runs on is (include version):
FreeBSD 11.3-RELEASE-p3 i386

My hosting provider, if applicable, is:
I manage my own servers

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No, doing it the hard way

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):


1 Like

It seems you may have previously issued a wildcard via http.
You may need to remove that cert first or update the conf file.

You may have to change this entry to:

I noticed that, about the dns-01 versus http-01 thing. I’m just now playing around with wildcards, so I’m pretty sure I haven’t gotten a wildcard cert with http-01. Also, deleting the records in doesn’t help. I tried it with a different domain, but that didn’t work either. So I tried it with a new domain I’ve never gotten any certificate for and that didn’t work either.

I’m sure I must be doing something wrong, but I can’t figure out what.

1 Like

I don’t know what you mean by that. Do you mean explicitly set webroot blank? I tried: --force --staging --issue -d -d -d * --dns myapi --webroot ‘’

and got the same error.

Check in ~/ . It may be loading pre-existing settings from there.

Edit: Oops, just saw you already tried that. Another idea: can be a bit weird about parameter ordering. Could you move --dns myapi to the start of the command? --issue --dns dns_myapi -d ... --issue --dns myapi --force --staging -d -d -d *

Same result.

I also tried deleting the entire folder. No dice.

Is this the literal value that you are using? Or is myapi standing in for something else?

The instructions for using a custom DNS API say to use the dns_ prefix for both the --dns parameter and for the filename.

When I copy your command literally, I also get the error about the unsupported validation type.

When I change it to use --dns dns_myapi (and rename ~/ to ~/, it works fine.


That did it. Thanks!


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.