Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: saurian.org
I ran this command:
sudo certbot certonly
–manual
–csr _wildcard__saurian_org_b45d3_7a9e7_8d068caa6d889afe54d97760f90ecf3d.csr
–server https://acme-v02.api.letsencrypt.org/directory
–agree-tos
-d *.saurian.org
It produced this output:
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Performing the following challenges:
dns-01 challenge for saurian.org
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you’re running certbot in manual mode on a machine that is not
your server, please ensure you’re okay with that.
Are you OK with your IP being logged?
(Y)es/(N)o: Y
Please deploy a DNS TXT record under the name
_acme-challenge.saurian.org with the following value:
EUfIi0IFGYflu89LHImTx0uB9iyI187u11nLuP2DJw0
Before continuing, verify the record is deployed.
Press Enter to Continue
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
My web server is (include version): Apache 2.4.41
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is: UK2.net
I can login to a root shell on my machine (yes or no, or I don’t know): no
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): cpanel Version 82.0.17
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.27.0
OK, brief explanation of concern… I’ve followed the process to use CertBot to submit the CSR as per on-line instructions. That process seems to have worked just fine. However, I’m using the DNS-based challenge as per my ISP instructions and 5+ hours after adding the DNS “TXT” record, the service “dnschecker.org” indicates that, so far, none of the global checker nodes are seeing the TXT record added to my domain.
I appreciate that it might be a bit premature to ask for help now as I’ve still got 6+ hours before CertBot times out… but I don’t think I’m going to be able to stay awake long enough to see if it returns.
I’d like to ask what advice you would give if this submission times out? It seems [from tracking so far] that even though using TXT records is a good idea, the poor performance of DNS record replication might become an issue. May I ask if there is a work-around please? Is there a version of this process where I can “resume” after the TXT record propagates?
Any suggestions as to the best approach here would be gratefully received…
Thank you
