Right now I want to have a Let's Encrypt certificate for my website myownsite.cn.
Server OS: Debian
Webserver: apache2
So I tried to run certbot and got authorization problems:
certbot certonly --webroot -w /var/www/html/ -d myownsite.cn
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for myownsite.cn
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Incomplete authorizations
So I came to know that it hinges on the DNS:
root@myserver:/etc/letsencrypt# certbot -d myownsite.cn --manual --preferred-challenges dns certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for myownsite.cn
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.
Are you OK with your IP being logged?
(Y)es/(N)o: Y
Please deploy a DNS TXT record under the name
_acme-challenge.myownsite.cn with the following value:
xt0NhjNdw9NGZFXxFDdcIPg3UxmTg6fLErsfVDQp2IQ
Before continuing, verify the record is deployed.
Press Enter to Continue
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. myownsite.cn (dns-01): urn:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.myownsite.cn
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: myownsite.cn
Type: None
Detail: DNS problem: NXDOMAIN looking up TXT for
_acme-challenge.myownsite.cn
root@myserver:/etc/letsencrypt#
What needs to be done here?
How do I deploy a DNS TXT record?
Hi Osiris,
Thanks for your hints, and sorry for my belated response. …Had to close from work earlier yesterday…
I just need a certificate. There is no reason for DNS. …sorry…
Can you tell me the necessary steps for the http-01 challenge, or a site where the
process is explained? Shell commands etc.
Maybe a firewall problem. If you want to use the http-01 challenge, certbot creates a file under /.well-known/acme-challenge/, and Let's Encrypt must be able to load this file via port 80.
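
A pre-flight check for the http-01 path described in the reply above, as an added example that is not part of the original thread: it writes a probe file where certbot's webroot plugin would place its token, fetches it over plain HTTP, and names the likely cause if that fails. The function names and the script name `check-http01.sh` are hypothetical, and it assumes `curl` is installed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes curl is installed; domain and
# webroot are passed as arguments (the thread used myownsite.cn, /var/www/html).

# Write a probe file where certbot's webroot plugin places its token.
# Prints the probe file name.
make_probe() {
    dir="$1/.well-known/acme-challenge"
    name="probe-$$"
    mkdir -p "$dir" || return 1
    printf 'probe-ok-%s\n' "$$" > "$dir/$name" || return 1
    chmod 644 "$dir/$name"          # make the file world-readable for the web server
    printf '%s\n' "$name"
}

# Turn the fetch result into a diagnosis.
# $1 = content written to disk, $2 = HTTP status, $3 = body received
classify() {
    if [ "$2" = "000" ]; then
        echo "unreachable: no HTTP answer on port 80 (firewall, DNS or Apache down)"
    elif [ "$2" != "200" ]; then
        echo "http-$2: server answered but did not return the file (wrong webroot, redirect, rewrite or deny rule)"
    elif [ "$1" != "$3" ]; then
        echo "mismatch: a different document was served (other vhost or catch-all page)"
    else
        echo "ok: challenge path is served over port 80"
    fi
}

# Create the probe, fetch it over HTTP, report, and clean up.
check_http01() {
    domain=$1; webroot=$2
    name=$(make_probe "$webroot") || { echo "cannot write to $webroot"; return 1; }
    file="$webroot/.well-known/acme-challenge/$name"
    out=$(mktemp)
    status=$(curl -s -m 10 -o "$out" -w '%{http_code}' \
        "http://$domain/.well-known/acme-challenge/$name")
    result=$(classify "$(cat "$file")" "$status" "$(cat "$out")")
    rm -f "$file" "$out"
    echo "$result"
    case $result in ok:*) return 0 ;; *) return 1 ;; esac
}

# Usage: sh check-http01.sh myownsite.cn /var/www/html
if [ $# -ge 2 ]; then check_http01 "$1" "$2"; fi
```

A fetch made from the server itself may not pass through the firewall, so if the result is `ok` but certbot still fails, repeat the `curl` request from a host outside your network.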