I have tried to manually create a certificate for the subdomain "ssf-srv3.southsideflash.com". I am not sure why it fails, and it seems to constantly reference that there is a missing TXT record for ssf-srv3. This is confusing to me, because the only record I am aware of needing to create when I use ACME DNS is a CNAME, which I create when it asks me to.
This is my first posting to the forums; if I have misposted or missed something obvious, please let me know and I will gladly comply.
My questions:
- Why does the output continually reference an invalid or missing TXT record?
- I am only aware of this setup needing a CNAME; what is this reference to a TXT record? Is this a misprint from the error handling, or if not, can someone point me to the TXT record setup requirements which I cannot seem to find?
- What can I do to get a successful issuance for ssf-srv3 using DNS?
My domain is: ssf-srv3.southsideflash.com
I ran this command:

```
sudo certbot certonly --manual --manual-auth-hook /etc/letsencrypt/acme-dns-auth.py --preferred-challenges dns --debug-challenges -d ssf-srv3.southsideflash.com
```

It produced this output:

```
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for ssf-srv3.southsideflash.com
Hook '--manual-auth-hook' for ssf-srv3.southsideflash.com ran with output:
Please add the following CNAME record to your main DNS zone:
_acme-challenge.ssf-srv3.southsideflash.com CNAME 414f5778-4d68-49d4-bb7a-dc8cbc33bd19.auth.acme-dns.io.
Challenges loaded. Press continue to submit to CA.
Pass "-v" for more info about challenges.
Press Enter to Continue
Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
Domain: ssf-srv3.southsideflash.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.ssf-srv3.southsideflash.com - check that a DNS record exists for this domain
Hint: The Certificate Authority failed to verify the DNS TXT records created by the --manual-auth-hook. Ensure that this hook is functioning correctly and that it waits a sufficient duration of time for DNS propagation. Refer to "certbot --help manual" and the Certbot User Guide.
Some challenges have failed.
```
My web server is (include version): n/a
The operating system my web server runs on is (include version): Ubuntu 22
My hosting provider, if applicable, is: self
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 2.7.0
[EDIT: Addendum]
After running the above as described, unsuccessfully, subsequent attempts appear as follows (please note that the requested CNAME was created successfully, manually, by me when it was initially requested):
```
root@ssf-srv1:~# sudo certbot certonly --manual --manual-auth-hook /etc/letsencrypt/acme-dns-auth.py --preferred-challenges dns --debug-challenges -d ssf-srv3.southsideflash.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for ssf-srv3.southsideflash.com
Challenges loaded. Press continue to submit to CA.
Pass "-v" for more info about challenges.
Press Enter to Continue
Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
Domain: ssf-srv3.southsideflash.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.ssf-srv3.southsideflash.com - check that a DNS record exists for this domain
Hint: The Certificate Authority failed to verify the DNS TXT records created by the --manual-auth-hook. Ensure that this hook is functioning correctly and that it waits a sufficient duration of time for DNS propagation. Refer to "certbot --help manual" and the Certbot User Guide.
Some challenges have failed.
```
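The following is an added example and is not part of the post above, nor code from certbot or acme-dns. It models, offline, what the CA does for a DNS-01 challenge (RFC 8555 section 8.4): it queries TXT at `_acme-challenge.<domain>`, follows any CNAME it finds there (which is how acme-dns delegation works: the CNAME in the main zone points at the acme-dns hostname, and the auth hook writes the TXT record at that hostname), and compares the TXT value with `base64url(SHA-256(token "." account-key-thumbprint))`. The three constructed zone snapshots reproduce three outcomes: nothing at the challenge name (the `NXDOMAIN looking up TXT` wording from the post, which means the resolver saw no record of any type at that name, so not even the CNAME was visible to it at validation time), a CNAME whose target has no TXT yet, and a working delegation. The owner names reuse the ones printed by the hook in the post; the TXT value, token and thumbprint are constructed.

```python
"""Offline model of ACME DNS-01 validation with CNAME delegation (added example)."""
import base64
import hashlib

# Names taken from the hook output in the post; everything else below is constructed.
CHALLENGE_NAME = "_acme-challenge.ssf-srv3.southsideflash.com"
ACME_DNS_NAME = "414f5778-4d68-49d4-bb7a-dc8cbc33bd19.auth.acme-dns.io"


def dns01_expected_txt(token: str, account_thumbprint: str) -> str:
    """RFC 8555 s8.4: TXT value = base64url(SHA-256(token "." JWK thumbprint)), unpadded."""
    key_authz = f"{token}.{account_thumbprint}".encode("ascii")
    digest = hashlib.sha256(key_authz).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def lookup_txt(zone: dict, name: str, max_hops: int = 8):
    """Resolver model over a zone dict {owner_name: [(rrtype, rdata), ...]}.

    Follows CNAMEs from `name`. Returns (final_name, txts) where txts is None
    for NXDOMAIN (no records of any type at the name) or the list of TXT
    strings (possibly empty) at the name where the chain ends.
    """
    for _ in range(max_hops):
        rrset = zone.get(name)
        if rrset is None:
            return name, None
        cnames = [rdata for rtype, rdata in rrset if rtype == "CNAME"]
        if cnames:
            name = cnames[0].rstrip(".")  # a validating resolver follows the CNAME
            continue
        return name, [rdata for rtype, rdata in rrset if rtype == "TXT"]
    raise RuntimeError(f"CNAME chain from {name} exceeds {max_hops} hops")


def validate_dns01(zone: dict, domain: str, expected_txt: str) -> str:
    """CA-side check: query TXT at _acme-challenge.<domain>, compare with expected."""
    final_name, txts = lookup_txt(zone, f"_acme-challenge.{domain}")
    if txts is None:
        # Nothing at the name, not even a CNAME: the wording seen in the post.
        return f"NXDOMAIN looking up TXT for {final_name}"
    if not txts:
        return f"no TXT record at {final_name}"
    if expected_txt in txts:
        return "valid"
    return f"TXT at {final_name} does not match the expected value"


def build_scenarios(expected_txt: str) -> dict:
    """Three constructed zone states that yield three different CA outcomes."""
    no_cname = {
        "ssf-srv3.southsideflash.com": [("A", "192.0.2.10")],  # RFC 5737 doc address
    }
    cname_no_txt = dict(no_cname)
    cname_no_txt[CHALLENGE_NAME] = [("CNAME", ACME_DNS_NAME + ".")]
    cname_no_txt[ACME_DNS_NAME] = []  # name exists (NOERROR) but hook has not written TXT
    delegated = dict(cname_no_txt)
    delegated[ACME_DNS_NAME] = [("TXT", expected_txt)]
    return {"no_cname": no_cname, "cname_no_txt": cname_no_txt, "delegated": delegated}


def run_demo() -> dict:
    """Run all three scenarios and return {scenario: CA result string}."""
    expected = dns01_expected_txt("constructed-token", "constructed-thumbprint")
    return {name: validate_dns01(zone, "ssf-srv3.southsideflash.com", expected)
            for name, zone in build_scenarios(expected).items()}


if __name__ == "__main__":
    for scenario, result in run_demo().items():
        print(f"{scenario:13s} -> {result}")
```

The live equivalent of `lookup_txt` is `dig TXT _acme-challenge.ssf-srv3.southsideflash.com`: dig follows the CNAME and prints both the CNAME and the TXT it leads to in the answer section, while a `status: NXDOMAIN` in its header corresponds to the first scenario. Running that query against the zone's authoritative nameservers and against a public recursive resolver, and comparing the two, separates "record not created at that exact name" from "record not yet propagated", which are the two situations the CA's message cannot tell apart.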