Can't initiate wildcard challenge


#1

I have cloned the latest certbot from GitHub and ran the install script. I am then running this command:

sudo ./certbot-auto certonly \
--server https://acme-v02.api.letsencrypt.org/directory \
--manual --preferred-challenges dns \
-d *.digitalspace.online -d digitalspace.online

It replies with no matches found: *.digitalspace.online.

I am using Ubuntu 14.04 and nginx.

What does “no matches found” mean in this context?


#2

Hi @GuerrillaCoder,

You must use quotes around your wildcard domain -d '*.digitalspace.online' or your shell will try to expand that *.

Cheers,
sahsanu


#3

Thanks Sahsanu. That got it started. It’s failing on the DNS check though unfortunately.

 - The following errors were reported by the server:

   Domain: digitalspace.online
   Type:   unauthorized
   Detail: Incorrect TXT record "v=spf1 mx include:zoho.com
   include:mailgun.org ~all" found at
   _acme-challenge.digitalspace.online

   Domain: digitalspace.online
   Type:   unauthorized
   Detail: Incorrect TXT record "v=spf1 mx include:zoho.com
   include:mailgun.org ~all" found at
   _acme-challenge.digitalspace.online

I set the DNS correctly but it seems to be reading the contents from a different TXT record entirely.

Edit: Seems like it is an issue with DNS maybe: https://mxtoolbox.com/SuperTool.aspx?action=a%3A_acme-challenge.digitalspace.online&run=toolpage# I will contact the host.


#4

@GuerrillaCoder, you added the TXT records to the wrong host.

I mean, instead of using _acme-challenge.digitalspace.online you added it to _acme-challenge.digitalspace.online.digitalspace.online

$ dig @ns3.digitalocean.com _acme-challenge.digitalspace.online.digitalspace.online txt +noall +answer

; <<>> DiG 9.9.7 <<>> @ns3.digitalocean.com _acme-challenge.digitalspace.online.digitalspace.online txt +noall +answer
; (1 server found)
;; global options: +cmd
_acme-challenge.digitalspace.online.digitalspace.online. 100 IN TXT "Czbw2-xkQsQeHjaJnztPXaBMC0hNB6241UY47LnkuAU"
_acme-challenge.digitalspace.online.digitalspace.online. 100 IN TXT "wfRO6HK4p24ZoY6aWSMrflh8FmXFwbQ4yxBbQvnP_Ng"

So, instead of adding the TXT record's host as _acme-challenge.digitalspace.online, use only _acme-challenge

Cheers,
sahsanu
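
The doubled name diagnosed in the post above, as an added example that is not part of the original thread or of certbot: it computes where a record typed into a DNS panel is really published, the host to type instead, and checks a `dig ... +noall +answer` result against the name the ACME server queries. The function names, the constructed sample tokens, and the rule that a host without a trailing dot is relative to the zone are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Assumption: the DNS panel follows
# zone-file rules, so a host without a trailing dot is relative to the zone.

# effective_fqdn HOST ZONE: name the record is really published at.
effective_fqdn() {
    host=$1; zone=${2%.}
    case $host in
        ''|@) printf '%s.\n' "$zone" ;;               # zone apex
        *.)   printf '%s\n' "$host" ;;                # absolute, used as typed
        *)    printf '%s.%s.\n' "$host" "$zone" ;;    # relative, zone appended
    esac
}

# panel_host FQDN ZONE: the relative host to type so FQDN is what gets published.
panel_host() {
    name=${1%.}; zone=${2%.}
    case $name in
        "$zone")   printf '@\n' ;;
        *".$zone") printf '%s\n' "${name%".$zone"}" ;;
        *)         echo "error: $name is not inside $zone" >&2; return 1 ;;
    esac
}

# check_answer WANTED_FQDN: reads `dig ... txt +noall +answer` output on stdin.
# Prints "ok" when a TXT record is owned by WANTED_FQDN, otherwise one
# "misplaced <owner>" line per owner seen (or "missing"), and returns 1.
check_answer() {
    awk -v want="${1%.}." '
        /^;/ || $4 != "TXT" { next }      # skip dig comments and other types
        { seen[tolower($1)] = 1; n++ }
        END {
            if ((tolower(want)) in seen) { print "ok"; exit 0 }
            if (n == 0) print "missing"
            for (o in seen) print "misplaced " o
            exit 1
        }'
}

# Constructed sample shaped like the dig answer in the thread (tokens are fake).
SAMPLE='_acme-challenge.digitalspace.online.digitalspace.online. 100 IN TXT "constructed-token-1"
_acme-challenge.digitalspace.online.digitalspace.online. 100 IN TXT "constructed-token-2"'

effective_fqdn _acme-challenge.digitalspace.online digitalspace.online
panel_host _acme-challenge.digitalspace.online digitalspace.online
printf '%s\n' "$SAMPLE" | check_answer _acme-challenge.digitalspace.online || true
```

In practice, pipe real `dig @<authoritative-ns> <name> txt +noall +answer` output into `check_answer` before letting the manual challenge continue.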


#5

Ahh, you got it! Many thanks, that validated now.