Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
It produced this output:
Domain validation failed: *.hype.de
No TXT record found at _acme-challenge.hype.de Forbidden urn:ietf:params:acme:error:unauthorized
But it creates the TXT Record in the DNS Each time and we own the domain as well
It was working fine till last week and there was no change in our Domain or environment
My web server is (include version): Microsoft IIS
The operating system my web server runs on is (include version): Windows Server 2012 R2
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Certify The Web
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 5.6.2.0
For starters, the TXT records used for DNS-01 challenges are only used once and should be removed immediately after the validation attempt.
This might be a cause for concern:
_acme-challenge.hype.de. 3582 IN CNAME _acme-challenge.hype.de.hype.cloud.
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "Tzeb_EsE13MbEgneDeE_YAsXA4_18_yq8fKIqcHY4gA"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "LBY0aOP1CMdDjHUwViOrTAzmLLBGx7Zn_ICLkH4ofeg"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "i5lg7ViUSUR1Q0SoYX_zyI6nbpEaIcSOH4JsZzKaFbY"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "sLLpINcuscu8OGdHss7ZJlxs55sLkcW6V17zWTnVEno"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "JoTWl6xr87hQ63XhXG7orhaqJb5v2mY_awfQ6mXsgCI"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "iKrjNt3isqxqGyRo8G5vp-YleN5F8MsD1lBBfzXUsRs"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "OyZB2eV0sc5ChmOGUCb5Pm_k7sU9XmhJ9RAAVmbYp1A"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "Wub3NdRywfkJQgWq5dfi6lrTpv71eMGciNvT5v4QNU4"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "IpwhzG_aK43bAywCoRA584p2waDObjGknE4onRq104s"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "e0Fy84xHjttl2fuO7uXkCALS-jBVhRLwDP7Ia0rZYXs"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "lWqMHmP5Nf1gOJuHtwtIxHBf3C0xJFs5j5H5a-O4pU4"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "OcPJ3jTgzikirgNOWgsWPsjIvDlN0cZTroENBoH1rH0"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "QzVf1y9Vt9iZyqqzYEqjiIEhXq2d5qMFS2BXk7ZCjas"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "pTdygeCpS6JFe_ns0lV0Rm_5eFAIelX_CqT8hMvOXw4"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "5_P6pYS-A-tZ5zH-kfcqzkwzsoV21fFkF9Fsc071uv0"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "tJSZrQRNbzAGyaJYurj2YPIxeOlxFvQCr9-oehvf-0I"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "VREnV0OFg0BoDnVuhQwGCjNZpTTq_sZqXJa2cwEBW5M"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "-PfJ5-2OJViHJeBqWUaydQvY6knOlJAVB3RHheeW0zE"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "0TmNDDzxJ8oAN6jzggYxsUlyQj4GFF1Hzv2_o1CMFsg"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "NnhGW9hNR7i57uOXIclDxpwEwx6Sy_GmMck7CcNw6vI"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "11cKvwSHC0czbXpsvoPu_UsdDU3MbNiEqOFQj1FEXFU"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "1Js6LoOiv2InxdGMRq5RouJb5uAus30BoXFzDX9YenQ"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "3-SJm68iqOirK2BfbPErr0jBYLYD0LVRk1sN2SmQt6s"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "VU-GUvKwekUGQ2xlavXDVwrL81MVDbV0fdbEwajWoV4"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "5AlFZs25mcRQIcHnPYZH6Ma5OiH9lsWEZJ3Fd0cryrs"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "WrZpIBO09Z9-If5Isga_vz3WjGqPtJkeWmtd6mnISrA"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "6ALhIuZbT8QZuwoTE3ckJrzbUKMDprBovo0GedlcsF0"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "6h-VjQarDRRX7jFUfWp9bh8LG5WmFcuENuCPUn_I4c8"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "7_Iob2F7srZi47tubT78tCPMu8zHyoouA1M_b2jpxrU"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "8cG5RvBEppS53zFa67AuV6imva2i45QiJcmrMXDZZoY"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "Go2zb_YhIPtJSnxNz6buqJyLbIYjnMEPoy2OfKTTuCQ"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "DGDQBDNIGvHoih8ZhfEN1QqydCeqFBcRrqHzhYl3KDM"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "8QLNG9Xcocft5yn856l-ddDELly8Zw-foC5EuWts5p8"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "8zpiYD3Yl_g0icNQwm_F8Xqhar-vLOH-fUrqIkz3OiE"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "a8X3fdt3VZcuJenInplsjKh6UTVJlZqImha8kedK074"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "spQq3vpk-6cymT4N5p4b4uGoYAMu5kF5waU3icY0ZQ4"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "aRH0YqHUjiDKkYQu2Yb-SU7E8ljiCIeBedCE8_I2G6c"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "BI0ifnasQsv_SebTEOORztLP8NaEfVBac46dZPfOl40"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "B-HUyD4RN5wfTTFpQUaFR0Ff3su8syNuNOx3vPBvhpY"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "B1IoGto7dGVUaWSxLT8xsDIJMoUT7kpmritcKrx9WZM"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "b2-DS6OQEjgkmvm1k1VC_Me8ip5T_gb1k05HG8Z9gok"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "BcMw5jkpFuMzkhtZSjQxl6UO0lq0JukDu8gfWk0THdA"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "BW_MpLJEHXOzmpD2aaMfw6K2g04Iatfnpz41oS25BBk"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "C4Sh3_aRsb9QiYdYB-9fINgvGWOvcKYr58lS6xteKJw"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "DbEWAER9R09YRv3h9LV_7Qyg3mLcWmoARO4c4VDsY7c"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "EaAo7NAU8B6bBIOndbHdaBleO8U4eXrNZvYuyNKd7Rg"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "f4Z8rsu0qZn_JbCCzUQB44C3PDlfpSKD5Wxu77y7Zlw"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "tsulUOBHitLSUhli7ZPe5LqtQHsG1p9WXmyL8pITn-w"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "0sbJBY25UjTH2TtfRQzQpvFysWfJFg2oag5a9TtodBk"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "FFweb1adk8JqtluupI8M0bUo95jXqaR6_fQA_3YsIEY"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "FPyCvC3HPPjpWVIf3RCdMDVFze6LMtQzuYqrrDSXGgQ"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "fsVNDORPQSm32sNl7WCNF1Zd_0fzWAyZYifG_fJDMtM"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "PKLmt_OvStRv-QUjrC11FYXkf9k1-FHssXWlondrGxI"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "ggzV1WomKhUwklfI1tMWB4E8YLReVkQWMd2njup-5I8"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "GhzsJrHEyNQmc-84j1HXy--uS75NfiqbJ_lK9yhfftc"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "gvn3oGiSTIEZP5JSldNe0qg4qderDMf1fqw_es68NtE"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "HbN8Vv_YBSW5HHH__q5Q3E9NPqxJRxopweVaLPnjRWc"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "IjgT9yn8OId12k__UnkAQGaDjVzpofqyWu9oHeO2n10"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "Iv_BLOBTqTm8hDVCOZnU5moJrlvfA3oF9eNR38vVIkA"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "iZwmGrcuDlzDmuyWEZdHmHNjR1zyvm_zixYWMpkRe2Q"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "KbPvJFCHf2O7IAI8ovIQay6L5qZtsnL9c7_cJt_wZD4"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "kQ4Pk6Ep9JZPLB0PX1sEbTts6lou23YeeQzC8r9Syzo"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "LN2Fdyh_pH6MT1OcyYl-QT_qj7AV00ZfOVEgMUHHl8I"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "mdr49i5FdhVJtibTX-LfzZi8wofAFljnF3O1EcVPdEA"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "mjAQT8icI5fyQA4WGFtRbAtdda-CAbSsgHIb78KgxM0"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "nWuUA7gDiC_JfHfAX4cScW8jmqpeWGWPoRoIxRCTzvo"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "oVzQqdVRHskGXPDGYRKm4ArrB7pHzu9ISGzbry-NuJA"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "pEnLPNwaxJQkaxTmgObQN57-IuXb13geRpj3ALpCXpI"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "PvzaB8VsHtVF-vSkAtInbr9xKdM-pOG41JhenWSNiWc"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "QsXkJe1l1t4Ny0G0ZJm9JTmqlrqIaujwfPRL1yLq6Ig"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "quoe4rg7oGOpVm8lJSH8jmk40oZfPaI3quBq8K16bPk"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "Rj57s7VAhrpGgf9_AdZUUOR5cZY0MUQ7M6Rl-AIlOzs"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "rWl4yb9yFgEtWHZdCEw5rtm1NyNt5jcsSPIShSQ7S8w"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "TJ-Q-o5ajGZoqySwoHD-ygcw2lOnOvR2BxSm41XJgBM"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "TlzhItzfZwczzyy0iyh1MLz7fQllktf5wn_5NHDoN0U"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "IqGdOaM6oFLzpbAPoCGbSlhtNM3N1HbYnbqazWNJOGY"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "TZryVtXFOfGQl8dJTeiL9SMI3LBUTNkOaOYGdufkDU8"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "bHa9toMoo91PN964V3PxjWLsWo1fr4MGroUFV4QoTcQ"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "u7lI43H1hxumYYqBYmwbD0GziLln6sLb2lgx5rBD8Lo"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "_Bw3_YvMyHijLVM0_QqEQuc739rtxYF5CSIy5UtqTqg"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "uF8a-XJqKvSob_kk5iIJTg7S2tps7B6_ClcR7jusmi4"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "uuABhHSPJwqRFOL1Bbf7wdrReLIdeXn030WvDkcIaoU"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "UW8rgm9BXzVVk-BG_vX2WGot_6s5lyWEgLzqaVto_9o"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "94kXbYb9B2j_PBY2U7ZflYxyq3VBRuQuyoULOCtymWA"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "VcJhfP4caJ09AdE9Z12_lQ9C852n-wfkeC9ZcO2CphI"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "vnJXcNBVFeUUU4vYAh7DVZrnQUdzk8JLe7HCjt6bKsY"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "BXXFiMb38VbKk11sKYTRdPUBfXG9cHoUUyLPxEvSQy4"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "wNoRir7QvENX2qdJWDKk3zO3Mg7OzAXnorkt13JH9y0"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "XIQU6-4SZcO_dHEBQNbynQ-PJ-H40cRMDvki3LjTgBk"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "Xnd_SCVofoNTPIE_ALOaCIDyNaxxkOUriqD_fFIwtn4"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "XNLCBjjbmh59hihRoOn3Wkgi3LO5O2KUoph0CJwYxdE"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "XSVHvr9Fi-POBl3sNbbahQHMKpm8bNa8vTgNb-WaY_s"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "IejQLUUrUHTxV26xcA2LBwNCmGzg9lzPG94HJ2k5QCY"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "XSwbgTr53y9SabG15_K8HMD0NE6Ans0BHJMW-g2lmOQ"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "xVqa8jDW9yxB3qmQBUDTm-lkXv1OeQZIqTy_6-hfru8"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "YcDuvER5Ey6He8erBjQeoPJ7M6Dv5FRjeK7kfQX1ryo"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "YUBEDTewHHbsBiOJtl3Aox8HTgUTgzFMwiJhBycZXMY"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "YWP-wZH89uBp0lF9WFcMp0aT-M4VBcYVQzgD3YhNDVs"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "yy1g4rqJey4-hTSVMW99n29fr8fZPdfCFKXNHLABjHk"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "zClxqIz9DKNYA19rVUW2wacYP_oX_za81BjqQi0c8yQ"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "_qsq8irdkUxyJEtFif99R-jx0jIqSMhzeNNaOZEKW7M"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "BQRiUMOK-HH_TzEU4jA4DGEXkIyUl7kgLxezhRFgUAo"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "QdP0cKvPj3Kj2a9NqbwrSXFKmJPdBesxUKr7noXLCow"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "Txc_Ff2g21f4KZkRk_yDJnw3QtZF90Et3S5zrCQRrsE"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "svQUn9WWHRJXs7hikEODechXmXgOlddkdW7f5tmIGPc"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "giYwAhQHUQHeUA4rrPtKRSe5IAiBqMjwyDDnaN25OUA"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "U116bFM6IruvvBd5oDxI1kao9TCOxcIDCsz6Ibd4Rbs"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "hzMxs8pSyB6yi7pskxRiNNA1e2yxL6HNY6Jx-JioWIo"
_acme-challenge.hype.de.hype.cloud. 600 IN TXT "2m3ojKDB-Wn0DfNQ-RZ3Ib0E6AYyRzPZbuChCkfCo3o"
Tagging the author of Certify The Web: @webprofusion
Can you explain more about how this domain is setup? I see you are on the latest version of Certify The Web, and I also see (I think?) you are using CNAME delegation of acme challenges to a surrogate domain. This is a feature we started to support very recently so perhaps there's an issue. Did you configure the CNAME delegation domain in the UI? This is used internally so that it can replace _acme-challenge.hype.de with _acme-challenge.hype.cloud (so your CNAME delegation domain would be hype.cloud) .
If you are not using CNAME delegation please explain more about how your domain is configured.
[Edit: I see you are using hype.de.hype.cloud as your CNAME delegation domain, so please confirm this is included in the UI and which DNS provider you are using.]
I am new to this environment and I believe we are using CNAME Delegation is we are managing hype.cloud DNS this is being used as Zone ID in the Certify the Web application. The funny thing is that we had a successful renewal for the same domain for a different server on 16/12/2021 regardless of the number of TXT records in the DNS. This was working for a long time and only one of the servers has updated Certify the Web installed.
OK, CNAME delegation is new in Certify The Web - some of our DNS providers need the fully qualified record name, so specifying a CNAME delegation rule lets you say "replace domain x with y". e.g. your delegation rule should probably be set to *.hype.de:*.hype.cloud. See DNS Validation (dns-01) | Certify The Web Docs
I suspect although it may have worked to create records without the delegation rule, deleting the record is not behaving as expected (it's not deleting the record).
As a quick workaround you could delete the _acme-challenge record from hype.cloud but this will only buy you some time until there are too many TXT record values again.
Looking at our code for the GoDaddy provider, it checks for the existence of the record using it's fully qualified name before attempting the delete. You'll probably see "DNS record does not exist, nothing to delete in the logs, which means it didn't find _acme-challenge.hype.de in the hype.cloud zone. Set your CNAME delegation rule in the UI and it should work ok.
Thanks for your inputs and suggestions. While checking the domain settings I can see it is given hype.de.hype.cloud as CNAME delegation for Acme-challenge. So it is set up correctly.
We were able to resolve the issue as @griffin suggested. There were around 120 TXT records in the Domain and after clearing all of them, the renewal was successful. Thanks again for all the support.
Great, keep an eye on it for the TXT record getting large again as that implies the cleanup process is not working. I note it has 3 values currently.
You can send your log file to support at certify theweb.com for that to be reviewed if you want to investigate further. Note that the CNAME delegation rule has the format source.domain:destination.domain so if your CNAME delegation rule is literally just hype.de.hype.cloud then that will be doing nothing (and cleanup will still be failing).
