My domain is: portaugusta.sa.gov.au
I ran this command: certbot certonly --manual --manual-auth-hook /etc/letsencrypt/acme-dns-auth.py --preferred-challenges dns --debug-challenges -d \civic-mail01.portaugusta.sa.gov.au
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for civic-mail01.portaugusta.sa.gov.au
Challenges loaded. Press continue to submit to CA.
Pass "-v" for more info about challenges.
Press Enter to Continue
Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
Detail: No TXT record found at _acme-challenge.civic-mail01.portaugusta.sa.gov.au
Hint: The Certificate Authority failed to verify the DNS TXT records created by the --manual-auth-hook. Ensure that this hook is functioning correctly and that it waits a sufficient duration of time for DNS propagation. Refer to "certbot --help manual" and the Certbot User Guide.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
My web server is (include version): Apache 2.4.53
The operating system my web server runs on is (include version): Rocky Linux 9.1
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you're using Certbot): 2.1.0
It's confusing as the acme-dns-auth readme says I need to add a CNAME record, but the error says I don't have a TXT record. Which is it I need to use?
Another issue I have is that the console of our DNS provider has a 'feature' that automatically adds our domain name to the end of the data of a CNAME record. I assume the DNS challenge will fail because of this? It is not something I can change. Basically our DNS console sets the data to 8394fcd6-5d82-4108-a586-277ab548302d.auth.acme-dns.io.portaugusta.sa.gov.au
Is there another way to do the dns challenge that avoids using a CNAME record like this?