My domain is: rrc.iiit.ac.in (within local network). We have a DNAME on our local DNS to point *.rrc.iiit.ac.in to *.rrcx.tk. rrcx.tk is our global domain managed through cloudflare where we insert all our A, CNAME, TXT records.
I ran this command:
certbot certonly -d "*.rrc.iiit.ac.in" --manual on our server inside our local network.
It produced this output:
Please deploy a DNS TXT record under the name _acme-challenge.rrc.iiit.ac.in with the following value: sOWBirCDa2cu01mXHzRxStlFb01MqkApCwSU31744ZY Before continuing, verify the record is deployed. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Press Enter to Continue Waiting for verification... Cleaning up challenges Failed authorization procedure. rrc.iiit.ac.in (dns-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: No TXT record found at _acme-challenge.rrc.iiit.ac.in IMPORTANT NOTES: - The following errors were reported by the server: Domain: rrc.iiit.ac.in Type: unauthorized Detail: No TXT record found at _acme-challenge.rrc.iiit.ac.in To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
The operating system my web server runs on is (include version): Ubuntu 18.04.4
I can login to a root shell on my machine (yes or no, or I don't know): Yes
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you're using Certbot): 0.31.0
I've created the TXT record and it clearly exists:
Ran on the same server,
$ nslookup -q=TXT _acme-challenge.rrc.iiit.ac.in Server: 10.4.20.222 Address: 10.4.20.222#53 rrc.iiit.ac.in dname = rrcx.tk. _acme-challenge.rrc.iiit.ac.in canonical name = _acme-challenge.rrcx.tk. _acme-challenge.rrcx.tk text = "sOWBirCDa2cu01mXHzRxStlFb01MqkApCwSU31744ZY"
Ran outside our network,
$ nslookup -q=TXT _acme-challenge.rrcx.tk Server: 127.0.0.53 Address: 127.0.0.53#53 Non-authoritative answer: _acme-challenge.rrcx.tk text = "sOWBirCDa2cu01mXHzRxStlFb01MqkApCwSU31744ZY"
I'm not sure what is going wrong.