A side note about propagation, Let’s Encrypt always asks the authoritative nameservers for a domain. This means you only need to wait for all of your provider’s nameservers to have it. You do not need to wait for it to globally propagate.
network.lemoney.in has a CNAME records, so we can not add TXT records for it. So how can I add the value which we are putting in the TXT records for generating the certificate?
As @mnordhoff explained, you aren’t adding a TXT to
network.lemoney.in, where your CNAME record sits.
You are creating a new TXT record on
_acme-challenge.network.lemoney.in, which is a different/distinct DNS name to
Thanks for your response!! Actually there are two issues which I am facing now as follows:
I want to generate a Let’s encrypt certificate for sub domain ‘newtwork.lemoney.in’ and use it. And for generating this certificate I need to put a value in the TXT record, so when I went to add a TXT record for the ‘newtwork.lemoney.in’ domain yesterday, I came to know that I can not add a TXT record as It has CNAME record. So here my question is as I can not add the TXT record for the ‘newtwork.lemoney.in’ sub domain, how can I generate a Let’s encrypt certificate for the ‘newtwork.lemoney.in’ sub domain as my management does’t want to continue with any other sub domain?
As I was not able add a TXT record for domain ‘newtwork.lemoney.in’ yesterday, I have added a new sub domain ‘newtwork2.lemoney.in’ and added a TXT record for the ‘newtwork2.lemoney.in’ sub domain with the value which I got after running the following command:
sudo certbot -i apache -a manual --preferred-challenges dns -d network2.lemoney.in
When I got confirmed after 3 hours that the new value is deployed on the server, I clicked the ‘Enter’ button to continue but still I got the following error:
Press Enter to Continue
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. network2.lemoney.in (dns-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.network2.lemoney.in
The following errors were reported by the server:
Detail: DNS problem: NXDOMAIN looking up TXT for
So here my questions are why I am not able to generate the certificate for the ‘network2.lemoney.in’ sub domain and how can I correct this?
Can we have a chat session or phone call to solve this issue quickly?
$ host -ttxt network2.lemoney.in
network2.lemoney.in descriptive text “UVXLp8m6tWNoRiHWnG8ySZPQl0Bp7qc3YirJQ-Z-kLs”
This is just the wrong location, you have to put the TXT record on the name
Thanks for your response!! What about first query?
If you cannot deploy the DNS record, you cannot retrieve a certificate via Let’s Encrypt, unless you use http-01 authorization.
But can you create a
TXT record for
I hope so, I will try it and get back to you.
Many many Thanks for your response!!
Yes, I have created a TXT record for _acme-challenge.network.lemoney.in and I am able to generate the certificate and key(4 .pem files). I got 4 shortcut file in live folder/directory and 4 .pem file in archive folder/directory.
I want to just want to confirm with you that the .pem which are present in the archive folder/directory, I need to use? Which .pem file is certificate which I need to distribute for authentication?
And at last I got following error, should I ignore it:
No vhost exists with servername or alias of network.lemoney.in. No vhost was selected. Please specify ServerName or ServerAlias in the Apache config, or split vhosts into separate files.
No vhost selected
Yes you can ignore it.
The only thing it will do to you is youll need to install the cert by yourself.
Many Many thank to all of you for your support. everything is working for me now. Thanks again.
Can we increase or set the expiration date of the manually generated certificate?
All Let’s Encrypt certificates are always valid for exactly 90 days from issuance.
Thanks for your response!! How can we use the lets encrypt certificate in a mobile app?
For what purpose? The certificate is used to authenticate TLS-protected services.
Is there a paid version of the software where we can define our own validity of the certificates?