Certificate DNS TXT Verification

I’m trying to setup a wildcard certificate for my domain. The problem I’m having is that the certbot is asking me to setup a DNS TXT record under the name “_acme-challenge.hepatica.site” which, when I go to enter this in the domain.com site, the moment I add the “.hepatica.site” portion of the name, their page logic removes it which, in turn, restricts me from using the name that certbot generated. Is there any way to get certbot to generate a different (or random) name that could get past this script?

My domain is: hepatica.site

I ran this command: certbot -d *.hepatica.site --manual --preferred-challenges dns certonly

It produced this output: Please deploy a DNS TXT record under the name _acme-challenge.hepatica.site with the following value:

Before continuing, verify the record is deployed.

My web server is (include version):

The operating system my web server runs on is (include version): debian

My hosting provider, if applicable, is: domain.com (for the DNS)

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.28.0

In many DNS management UIs, you don’t need to enter the fully qualified name…only the portion that is beyond your domain name. So in your case, try just entering _acme-challenge instead of _acme-challenge.hepatica.site.

Hi @WaywardScythe

perhaps you should use

certbot -d *.hepatica.site -d hepatica.site  --manual --preferred-challenges dns certonly

So you need two dns txt entries with the same name, but different values.

Then you have a certificate that works with your main domain and every subdomain.

If you create only a certificate with *.hepatica.site, hepatica.site isn't secure.

Fair enough, and good point, and I can target both with only the one -d option:

certbot -d *.hepatica.site,hepatica.site --manual --preferred-challenges dns certonly

It doesn’t, however, give me a DNS TXT name that excludes the “.hepatica.site” from the name. That is being stripped out by domain.com’s interface, resulting in me note being able to use it. That is my main issue that needs to be overcome (and I’m sooooo close to getting this done that I can taste it!)

It really boils down to the fact that either certbot needs to also generate a random name as well, or domain.com needs to stop stripping out the site’s domain name from the entry to allow people to specify.

It smells a little as if domain.com is savvy to certbot’s naming…but that may just be random conspiracy theorizing on my part… ;D

I had tired that, thinking exactly the same way…perhaps I made a keyboard error. I’ll try again…

That’s the wrong definition ( https://check-your-website.server-daten.de/?q=hepatica.site ):

Compare it with a correct definition:

PS: Create a screenshot of your menu.

Awesome. That was very, very helpful to be able to see what the certbot was checking against. Got the confirmation from certbot and now I get to proceed on to other things. Thanks for the insight!


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.