I’m using the certbot-auto utility and lexicon via a script from this post to automate renewal of a few sub-domains:
- stagingdomain.in → base domain
- *.stagingdomain.in → wildcard domain
While the script runs perfectly fine for the 1st 3 domains (including adding & removing the requisite TXT records for the dns-01 challenge), it fails for the last 2 because:
- the TXT record for the base domain is _acme-challenge.stagingdomain.in
- Also, the TXT record for wildcard domain is _acme-challenge.stagingdomain.in
Somehow, the script deletes the TXT record for the base domain before creating a TXT record for the wildcard domain (I’ve understood that both TXT records need to co-exist), thus failing the validation & the SSL renewal with the message:
The client lacks sufficient authorization ::
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
Now, I know a workaround is to manually add those TXT records but for one, it doesn’t help if you’ve multiple domains and when it comes to automating the entire process.
Do let me know if I can provide any more information.
Thanks & cheers,
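
Added example, not part of the original post or of the script it refers to: a small model of the situation described above, where the base and wildcard names share one `_acme-challenge` record name and a publish step that replaces the record drops the earlier value. The `Zone` class, the `run_order` helper and the key authorizations are constructed stand-ins, and the model assumes every TXT value is published before any is validated.

```python
import base64
import hashlib

DOMAINS = ["stagingdomain.in", "*.stagingdomain.in"]  # names from the post


def txt_value(key_authorization):
    """dns-01 TXT value per RFC 8555 section 8.4:
    base64url(SHA-256(key authorization)) without padding."""
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def challenge_name(identifier):
    """A wildcard identifier is validated at the same name as its base domain."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return "_acme-challenge." + base


class Zone:
    """Hypothetical in-memory stand-in for a DNS provider API."""

    def __init__(self):
        self.txt = {}  # record name -> set of TXT values

    def replace(self, name, value):
        # "delete existing, then create": any earlier value is lost
        self.txt[name] = {value}

    def append(self, name, value):
        # adds a value to the RRset, keeping the ones already there
        self.txt.setdefault(name, set()).add(value)


def run_order(identifiers, publish):
    """Publish one TXT value per identifier with the chosen Zone method,
    then report which identifiers would still find their value in DNS."""
    zone, expected = Zone(), {}
    for ident in identifiers:
        # constructed key authorization: "<token>.<account key thumbprint>"
        expected[ident] = txt_value("token-for-" + ident + ".constructed-thumbprint")
        getattr(zone, publish)(challenge_name(ident), expected[ident])
    return {i: v in zone.txt.get(challenge_name(i), set())
            for i, v in expected.items()}


if __name__ == "__main__":
    for mode in ("replace", "append"):
        print(mode, run_order(DOMAINS, mode))
```

With `replace`, only the wildcard value survives at `_acme-challenge.stagingdomain.in`; with `append`, both values co-exist and both identifiers can validate.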