Certificate is not being generated


#21

A side note about propagation, Let’s Encrypt always asks the authoritative nameservers for a domain. This means you only need to wait for all of your provider’s nameservers to have it. You do not need to wait for it to globally propagate.


#22

network.lemoney.in has a CNAME record, so we cannot add TXT records for it. So how can I add the value which we are putting in the TXT records for generating the certificate?


#23

As @mnordhoff explained, you aren’t adding a TXT to network.lemoney.in, where your CNAME record sits.

You are creating a new TXT record on _acme-challenge.network.lemoney.in, which is a different/distinct DNS name to network.lemoney.in.


#24

Thanks for your response!! Actually there are two issues which I am facing now as follows:

  1. I want to generate a Let’s Encrypt certificate for the subdomain ‘network.lemoney.in’ and use it. For generating this certificate I need to put a value in the TXT record, so when I went to add a TXT record for the ‘network.lemoney.in’ domain yesterday, I came to know that I cannot add a TXT record as it has a CNAME record. So here my question is: as I cannot add the TXT record for the ‘network.lemoney.in’ subdomain, how can I generate a Let’s Encrypt certificate for the ‘network.lemoney.in’ subdomain, as my management doesn’t want to continue with any other subdomain?

  2. As I was not able to add a TXT record for the domain ‘network.lemoney.in’ yesterday, I have added a new subdomain ‘network2.lemoney.in’ and added a TXT record for the ‘network2.lemoney.in’ subdomain with the value which I got after running the following command:

sudo certbot -i apache -a manual --preferred-challenges dns -d network2.lemoney.in

When I got confirmation after 3 hours that the new value was deployed on the server, I pressed the ‘Enter’ key to continue, but I still got the following error:

Press Enter to Continue
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. network2.lemoney.in (dns-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.network2.lemoney.in

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: network2.lemoney.in
    Type: connection
    Detail: DNS problem: NXDOMAIN looking up TXT for
    _acme-challenge.network2.lemoney.in

So here my questions are: why am I not able to generate the certificate for the ‘network2.lemoney.in’ subdomain, and how can I correct this?

Can we have a chat session or phone call to solve this issue quickly?


#25

$ host -ttxt network2.lemoney.in
network2.lemoney.in descriptive text "UVXLp8m6tWNoRiHWnG8ySZPQl0Bp7qc3YirJQ-Z-kLs"

This is just the wrong location, you have to put the TXT record on the name _acme-challenge.network2.lemoney.in.
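An added example, not part of the original thread: a pre-flight check that ties together the points in #21 and #25 by querying each authoritative nameserver directly for the TXT record at the `_acme-challenge.` name before pressing Enter in certbot. It assumes `dig` is installed; the function names and the three arguments (zone, domain, value printed by certbot) are hypothetical.

```bash
#!/usr/bin/env bash
# Pre-flight check for a manual dns-01 challenge (added example).

# Name that is looked up for dns-01: _acme-challenge.<domain>.
# A wildcard request (*.example.com) validates against the base name.
challenge_name() {
    local domain="${1#\*.}"
    domain="${domain%.}"
    printf '_acme-challenge.%s\n' "$domain"
}

# Succeeds if the expected value is one of the TXT answers.
# $2 holds answers as `dig +short` prints them: one quoted string per line.
txt_matches() {
    local expected="$1" answers="$2"
    printf '%s\n' "$answers" | tr -d '"' | grep -Fxq -- "$expected"
}

# Ask every authoritative nameserver of the zone directly, so resolver
# caches and "global propagation" play no part in the result.
check_authoritative() {
    local zone="$1" domain="$2" expected="$3" name ns answers seen=0 rc=0
    name="$(challenge_name "$domain")"
    for ns in $(dig +short NS "$zone"); do
        seen=1
        answers="$(dig +short +norecurse TXT "$name" "@$ns")"
        if txt_matches "$expected" "$answers"; then
            echo "OK      $ns"
        else
            echo "MISSING $ns (got: ${answers:-nothing})"
            rc=1
        fi
    done
    [ "$seen" -eq 1 ] || { echo "no NS records found for $zone" >&2; return 2; }
    return "$rc"
}

# Usage: ./check-acme-txt.sh <zone> <domain> <value printed by certbot>
if [ "$#" -eq 3 ]; then
    check_authoritative "$@"
fi
```

A `MISSING` line for any nameserver means the record is absent or stale there, which is the condition that produces the NXDOMAIN error shown in #24.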


#26

Thanks for your response!! What about the first query?


#27

If you cannot deploy the DNS record, you cannot retrieve a certificate via Let’s Encrypt, unless you use http-01 authorization.


#28

But can you create a TXT record for _acme-challenge.network.lemoney.in?


#29

I hope so, I will try it and get back to you.


#30

Many many Thanks for your response!!

Yes, I have created a TXT record for _acme-challenge.network.lemoney.in and I am able to generate the certificate and key (4 .pem files). I got 4 shortcut files in the live folder/directory and 4 .pem files in the archive folder/directory.

I just want to confirm with you: are the .pem files which are present in the archive folder/directory the ones I need to use? Which .pem file is the certificate which I need to distribute for authentication?

And at last I got the following error; should I ignore it?

No vhost exists with servername or alias of network.lemoney.in. No vhost was selected. Please specify ServerName or ServerAlias in the Apache config, or split vhosts into separate files.
No vhost selected


#31

Hi,

Yes you can ignore it.
The only thing it will do to you is you’ll need to install the cert by yourself.

Thank you.


#32

Many, many thanks to all of you for your support. Everything is working for me now. Thanks again.


#33

Can we increase or set the expiration date of the manually generated certificate?


#34

All Let’s Encrypt certificates are always valid for exactly 90 days from issuance.


#35

Thanks for your response!! How can we use the Let’s Encrypt certificate in a mobile app?


#36

For what purpose? The certificate is used to authenticate TLS-protected services.


#37

Is there a paid version of the software where we can define our own validity of the certificates?


#38

No. See:


#39

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.