Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I ran this command: acme.sh --issue --webroot ~/public_html -d turnthelydon.com -d *.turnthelydon.com --force --dns
It produced this output: [Sun Jan 3 20:27:29 EST 2021] Domains have changed.
[Sun Jan 3 20:27:29 EST 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Sun Jan 3 20:27:29 EST 2021] Multi domain='DNS:turnthelydon.com,DNS:*.turnthelydon.com'
[Sun Jan 3 20:27:29 EST 2021] Getting domain auth token for each domain
[Sun Jan 3 20:27:31 EST 2021] Getting webroot for domain='turnthelydon.com'
[Sun Jan 3 20:27:31 EST 2021] Getting webroot for domain='*.turnthelydon.com'
[Sun Jan 3 20:27:31 EST 2021] Error, can not get domain token entry *.turnthelydon.com for http-01
[Sun Jan 3 20:27:31 EST 2021] The supported validation types are: dns-01 , but you specified: http-01
[Sun Jan 3 20:27:31 EST 2021] Please add '--debug' or '--log' to check more details.
[Sun Jan 3 20:27:31 EST 2021] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
My web server is (include version): I'm running on NameCheap utilizing bash and acme.sh
My hosting provider, if applicable, is: Namecheap
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): I'm using cPanel, unsure of the version
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): latest version of acme.sh
I was able to create a wildcard for my domain and it works perfectly, however I cannot seem to successfully add the base domain (turnthelydon.com) to the certificate and re-issue. I have created the necessary acme_challenge DNS record and it works when only specifying a single domain. I just cannot for the life of me add a second name with success.
So, I need to do two issue commands? One for the wildcard and one for the base domain? Add the records and then run the full issue including both? Something like:
Nope. One command is needed, but you must use dns for a wildcard that requires a dns-01 challenge (webroot won't work because it's an http-01 challenge).
So running: acme.sh --issue -d turnthelydon.com -d *.turnthelydon.com --force --dns
returns
[Sun Jan 3 20:43:43 EST 2021] Error, can not get domain token entry *.turnthelydon.com for http-01
[Sun Jan 3 20:43:43 EST 2021] The supported validation types are: dns-01 , but you specified: http-01
I do not see where I'm specifying an http-01 request
[Sun Jan 3 20:49:27 EST 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Sun Jan 3 20:49:27 EST 2021] Multi domain='DNS:turnthelydon.com,DNS:*.turnthelydon.com'
[Sun Jan 3 20:49:27 EST 2021] Getting domain auth token for each domain
[Sun Jan 3 20:49:29 EST 2021] Getting webroot for domain='turnthelydon.com'
[Sun Jan 3 20:49:29 EST 2021] Getting webroot for domain='*.turnthelydon.com'
[Sun Jan 3 20:49:29 EST 2021] Error, can not get domain token entry *.turnthelydon.com for http-01
[Sun Jan 3 20:49:29 EST 2021] The supported validation types are: dns-01 , but you specified: http-01
[Sun Jan 3 20:49:29 EST 2021] Please add '--debug' or '--log' to check more details.
[Sun Jan 3 20:49:29 EST 2021] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
You must specify a DNS plugin to be used by acme.sh. It seems you are using Namecheap as your DNS provider, so please read the documentation carefully to use it with acme.sh, because you need to use a username, an API key and a source IP.
There is a complete staging environment for such cases [testing]
Nevertheless, you managed to get #2 with DNS auth, so you must have some idea on how that was done.
You simply need to do one cert with two names on it (2 DNS changes at the same time).
If possible I would avoid manual authentication: he must use one more parameter, --yes-I-know-dns-manual-mode-enough-go-ahead-please, and the renewals must be manual too, so it is a pain.
# acme.sh --version
https://github.com/acmesh-official/acme.sh
v2.8.8
# acme.sh --issue --dns -d turnthelydon.com -d "*.turnthelydon.com"
[lun 04 ene 2021 03:00:49 CET] It seems that you are using dns manual mode. Read this link first: https://github.com/acmesh-official/acme.sh/wiki/dns-manual-mode
# acme.sh --issue --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please -d turnthelydon.com -d "*.turnthelydon.com"
[lun 04 ene 2021 03:01:06 CET] Using CA: https://acme-v02.api.letsencrypt.org/directory
[lun 04 ene 2021 03:01:06 CET] Creating domain key
[lun 04 ene 2021 03:01:06 CET] The domain key is here: /root/.acme.sh/turnthelydon.com/turnthelydon.com.key
[lun 04 ene 2021 03:01:06 CET] Multi domain='DNS:turnthelydon.com,DNS:*.turnthelydon.com'
[lun 04 ene 2021 03:01:06 CET] Getting domain auth token for each domain
[lun 04 ene 2021 03:01:10 CET] Getting webroot for domain='turnthelydon.com'
[lun 04 ene 2021 03:01:11 CET] Getting webroot for domain='*.turnthelydon.com'
[lun 04 ene 2021 03:01:11 CET] Add the following TXT record:
[lun 04 ene 2021 03:01:11 CET] Domain: '_acme-challenge.turnthelydon.com'
[lun 04 ene 2021 03:01:11 CET] TXT value: '6Ao4ZDqcAC0JObcpv6RuPXqSBmKRHZN5lgfL8J141Cs'
[lun 04 ene 2021 03:01:11 CET] Please be aware that you prepend _acme-challenge. before your domain
[lun 04 ene 2021 03:01:11 CET] so the resulting subdomain will be: _acme-challenge.turnthelydon.com
[lun 04 ene 2021 03:01:11 CET] Add the following TXT record:
[lun 04 ene 2021 03:01:11 CET] Domain: '_acme-challenge.turnthelydon.com'
[lun 04 ene 2021 03:01:11 CET] TXT value: 'l2pfYxmzuPB6BEjXlzx125J2o_a80Zepl8qqDULufGo'
[lun 04 ene 2021 03:01:11 CET] Please be aware that you prepend _acme-challenge. before your domain
[lun 04 ene 2021 03:01:11 CET] so the resulting subdomain will be: _acme-challenge.turnthelydon.com
[lun 04 ene 2021 03:01:11 CET] Please add the TXT records to the domains, and re-run with --renew.
[lun 04 ene 2021 03:01:11 CET] Please check log file for more details: /root/.acme.sh/acme.sh.log
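The output above shows the point that trips people up: the apex and the wildcard both map to the same label, _acme-challenge.turnthelydon.com, so two TXT records with different values must coexist there before re-running with --renew. The following added example (not part of the thread or of acme.sh) checks that every expected value is published; the resolver address 1.1.1.1 and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: verify that all TXT values acme.sh asked for are published
# at _acme-challenge.<domain> before running acme.sh --renew.

# missing_tokens EXPECTED... : reads published TXT values on stdin (one per
# line, with or without the surrounding quotes that `dig +short TXT` prints)
# and prints each expected value that is not among them.
# Exit status 0 = nothing missing, 1 = at least one value missing.
missing_tokens() {
    local published expected status=0
    # strip the quotes dig wraps around TXT strings
    published=$(sed -e 's/^"//' -e 's/"$//')
    for expected in "$@"; do
        # -x: whole-line match, -F: literal (tokens contain no regex metachars,
        # but be safe), -q: quiet
        if ! printf '%s\n' "$published" | grep -qxF -- "$expected"; then
            printf '%s\n' "$expected"
            status=1
        fi
    done
    return "$status"
}

# check_acme_txt DOMAIN EXPECTED... : queries a public resolver (assumed
# 1.1.1.1; needs dig and network access) and reports missing values.
check_acme_txt() {
    local domain=$1
    shift
    dig +short TXT "_acme-challenge.${domain}" @1.1.1.1 | missing_tokens "$@"
}

# Example invocation with the two values acme.sh printed in this thread:
# check_acme_txt turnthelydon.com \
#     6Ao4ZDqcAC0JObcpv6RuPXqSBmKRHZN5lgfL8J141Cs \
#     l2pfYxmzuPB6BEjXlzx125J2o_a80Zepl8qqDULufGo
```

If only one value is printed back, the record for the other name was not added (or has not propagated yet); wait for it to appear before re-running --renew.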
I was fairly certain that the developer of acme.sh himself recently stated that --yes-I-know-dns-manual-mode-enough-go-ahead-please was obsolete somewhere in this community. I may be wrong. I can't seem to find the reference.