Certificate DNS TXT Verification

I’m trying to setup a wildcard certificate for my domain. The problem I’m having is that the certbot is asking me to setup a DNS TXT record under the name “_acme-challenge.hepatica.site” which, when I go to enter this in the domain.com site, the moment I add the “.hepatica.site” portion of the name, their page logic removes it which, in turn, restricts me from using the name that certbot generated. Is there any way to get certbot to generate a different (or random) name that could get past this script?

My domain is: hepatica.site

I ran this command: certbot -d *.hepatica.site --manual --preferred-challenges dns certonly

It produced this output: Please deploy a DNS TXT record under the name _acme-challenge.hepatica.site with the following value:

Before continuing, verify the record is deployed.

My web server is (include version):
nginx

The operating system my web server runs on is (include version): debian

My hosting provider, if applicable, is: domain.com (for the DNS)

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.28.0

In many DNS management UIs, you don’t need to enter the fully qualified name…only the portion that is beyond your domain name. So in your case, try just entering _acme-challenge instead of _acme-challenge.hepatica.site.

Hi @WaywardScythe

perhaps you should use

certbot -d *.hepatica.site -d hepatica.site --manual --preferred-challenges dns certonly

So you need two dns txt entries with the same name, but different values.

Then you have a certificate that works with your main domain and every subdomain.

If you create only a certificate with *.hepatica.site, hepatica.site isn't secure.
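A small added helper illustrating the two points in the replies above (enter only the part in front of the zone in a panel that appends the zone itself, and check that both challenge values are visible under the same owner name before continuing). This is example code, not certbot's own or anything from domain.com; the token strings and the `dig +short` style output are constructed.

```python
import re
from typing import List, Set

def relative_record_name(fqdn: str, zone: str) -> str:
    """Return the label to type into a DNS panel that appends the zone itself.

    certbot prompts with the fully qualified owner name
    ("_acme-challenge.hepatica.site"); a panel that strips ".hepatica.site"
    wants only "_acme-challenge". The apex itself is conventionally "@".
    """
    fqdn = fqdn.rstrip(".").lower()
    zone = zone.rstrip(".").lower()
    if fqdn == zone:
        return "@"
    suffix = "." + zone
    if not fqdn.endswith(suffix):
        raise ValueError(f"{fqdn} is not inside zone {zone}")
    return fqdn[: -len(suffix)]

# One quoted string (with backslash escapes) as printed by `dig +short TXT`
_TXT_STRING = re.compile(r'"((?:[^"\\]|\\.)*)"')

def parse_txt_values(dig_short_output: str) -> Set[str]:
    """Collect the TXT strings from `dig +short TXT <name>` output, one RR per line."""
    values = set()
    for line in dig_short_output.splitlines():
        parts = _TXT_STRING.findall(line)
        if parts:
            values.add("".join(parts))  # long TXT records come as several quoted chunks
    return values

def missing_challenge_values(expected: List[str], dig_short_output: str) -> List[str]:
    """Return the expected challenge tokens that are not yet visible in DNS.

    A wildcard plus apex order needs two tokens under the same owner name, and
    both must be present at once, so the whole RRset is compared.
    """
    present = parse_txt_values(dig_short_output)
    return [v for v in expected if v not in present]

# Constructed sample: two TXT RRs under _acme-challenge.hepatica.site (fake tokens)
SAMPLE_DIG_OUTPUT = '"tok-wildcard-constructed"\n"tok-apex-constructed"\n'

if __name__ == "__main__":
    print(relative_record_name("_acme-challenge.hepatica.site", "hepatica.site"))
    print(missing_challenge_values(["tok-wildcard-constructed", "tok-apex-constructed"],
                                   SAMPLE_DIG_OUTPUT))
```

Replace `SAMPLE_DIG_OUTPUT` with the real output of `dig +short TXT _acme-challenge.hepatica.site` and the two values certbot printed; an empty list means both records are deployed.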

Fair enough, and good point, and I can target both with only the one -d option:

certbot -d *.hepatica.site,hepatica.site --manual --preferred-challenges dns certonly

It doesn’t, however, give me a DNS TXT name that excludes the “.hepatica.site” from the name. That is being stripped out by domain.com’s interface, resulting in me not being able to use it. That is my main issue that needs to be overcome (and I’m sooooo close to getting this done that I can taste it!)

It really boils down to the fact that either certbot needs to also generate a random name as well, or domain.com needs to stop stripping out the site’s domain name from the entry to allow people to specify.

It smells a little as if domain.com is savvy to certbot’s naming…but that may just be random conspiracy theorizing on my part… ;D

I had tried that, thinking exactly the same way…perhaps I made a keyboard error. I’ll try again…

That’s the wrong definition ( https://check-your-website.server-daten.de/?q=hepatica.site ):

Compare it with a correct definition:

PS: Create a screenshot of your menu.

Awesome. That was very, very helpful to be able to see what the certbot was checking against. Got the confirmation from certbot and now I get to proceed on to other things. Thanks for the insight!
