Hello Folks,
I have some trouble obtaining a new wildcard certificate. Just three months ago it worked well with the DNS challenge. This week it won't work, and I can't find the problem.
I need one certificate, but it looks like certbot will make two of them.
```
Performing the following challenges:
dns-01 challenge for ulrichivens.de
dns-01 challenge for ulrichivens.de
```
Certbot asked me to put in two challenges, which I did. Between every change I waited a couple of hours to let it deploy.
At the end certbot said that the TXT record is incorrect, but it shows the correct one in the output. What can I do to get the new certificate? I want to install it manually in my server configuration, which I've done before.
Kind Regards
Ulrich
My domain is:
ulrichivens.de
I ran this command:
```
certbot certonly --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns -d 'ulrichivens.de,*.ulrichivens.de'
```
**and that one in another terminal to check if deployed**
```
nslookup -type=TXT _acme-challenge.ulrichivens.de ns15.domserver.de
Server: ns15.domserver.de
Address: 2001:4178:3:a357:62:116:159:35#53
_acme-challenge.ulrichivens.de text = "Uhk7jfhAZ58INnNFNDjlPjm3va7ZrNJ9ZBQ7V0BnsqA"

nslookup -type=TXT _acme-challenge.ulrichivens.de ns15.domserver.de
Server: ns15.domserver.de
Address: 2001:4178:3:a357:62:116:159:35#53
_acme-challenge.ulrichivens.de text = "gNJZEf9PfMbfuhlF1vhFmaINcxG-odIXDWIWd_KgXCM"
```
It produced this output:
```
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for ulrichivens.de
dns-01 challenge for ulrichivens.de
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.
Are you OK with your IP being logged?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: yes
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.ulrichivens.de with the following value:
Uhk7jfhAZ58INnNFNDjlPjm3va7ZrNJ9ZBQ7V0BnsqA
Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.ulrichivens.de with the following value:
gNJZEf9PfMbfuhlF1vhFmaINcxG-odIXDWIWd_KgXCM
Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. ulrichivens.de (dns-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect TXT record "gNJZEf9PfMbfuhlF1vhFmaINcxG-odIXDWIWd_KgXCM" found at _acme-challenge.ulrichivens.de
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: ulrichivens.de
Type: unauthorized
Detail: Incorrect TXT record "gNJZEf9PfMbfuhlF1vhFmaINcxG-odIXDWIWd_KgXCM" found at _acme-challenge.ulrichivens.de
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
```
My web server is (include version):
I install the certificate manually; that has worked in the past.
The operating system my web server runs on is (include version):
Ubuntu 18.04 LTS with all updates
My hosting provider, if applicable, is:
Own Server
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
```
certbot --version
certbot 0.27.0
```
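
Both dns-01 challenges in the output above are for the same name, because the base domain and the wildcard are each validated at `_acme-challenge.ulrichivens.de`, so the two values have to be published there at the same time as two TXT records. The check below is an added example, not part of the original post; the function names and the sample nslookup answers are constructed for illustration, using the two values shown in the post.

```shell
#!/bin/sh
# Added example: verify that ONE nslookup answer for the challenge name
# carries every dns-01 value certbot asked for, before pressing Enter.

# txt_values: read nslookup output on stdin, print each TXT string it contains.
txt_values() {
    sed -n 's/.*text = "\(.*\)".*/\1/p'
}

# missing_values ANSWER EXPECTED...
# Print every expected value that is absent from the nslookup output ANSWER.
# Exit status is 0 only when all expected values are present together.
missing_values() {
    answer=$1; shift
    found=$(printf '%s\n' "$answer" | txt_values)
    rc=0
    for want in "$@"; do
        # -x whole line, -F literal; "--" because values may start with "-"
        if ! printf '%s\n' "$found" | grep -qxF -- "$want"; then
            printf '%s\n' "$want"
            rc=1
        fi
    done
    return $rc
}

# The two values from the certbot output in the post.
V_FIRST='Uhk7jfhAZ58INnNFNDjlPjm3va7ZrNJ9ZBQ7V0BnsqA'
V_SECOND='gNJZEf9PfMbfuhlF1vhFmaINcxG-odIXDWIWd_KgXCM'

# Constructed sample: the first record was replaced by the second one.
SAMPLE_REPLACED='Server: ns15.domserver.de
_acme-challenge.ulrichivens.de text = "gNJZEf9PfMbfuhlF1vhFmaINcxG-odIXDWIWd_KgXCM"'

# Constructed sample: both records are served side by side.
SAMPLE_BOTH='Server: ns15.domserver.de
_acme-challenge.ulrichivens.de text = "Uhk7jfhAZ58INnNFNDjlPjm3va7ZrNJ9ZBQ7V0BnsqA"
_acme-challenge.ulrichivens.de text = "gNJZEf9PfMbfuhlF1vhFmaINcxG-odIXDWIWd_KgXCM"'

# Live use, with the same nslookup call as in the post:
#   missing_values "$(nslookup -type=TXT _acme-challenge.ulrichivens.de \
#       ns15.domserver.de)" "$V_FIRST" "$V_SECOND"
missing_values "$SAMPLE_REPLACED" "$V_FIRST" "$V_SECOND" >/dev/null \
    || echo "replaced record: a value is missing"
missing_values "$SAMPLE_BOTH" "$V_FIRST" "$V_SECOND" \
    && echo "both values are served together"
```

Run it against every authoritative name server for the zone, since the validation may query any of them.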