Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I ran this command:
certbot certonly --staging --manual --manual-auth-hook /etc/letsencrypt/acme-dns-auth.py --preferred-challenges dns --debug-challenges -d churchwebsitesplus.com -v
It produced this output:
… “token”: “sLFySYZc4V0ycOeNY5PjED5IVoE56OuYpNv7Tv-dAPg”\n }\n ]\n}’
Performing the following challenges:
dns-01 challenge for churchwebsitesplus.com
…then after pressing y and enter…it spit out the following
.IMPORTANT NOTES:
The following errors were reported by the server:
Domain: churchwebsitesplus.com
Type: unauthorized
Detail: Incorrect TXT record
“sLFySYZc4V0ycOeNY5PjED5IVoE56OuYpNv7Tv-dAPg” found at
_acme-challenge.churchwebsitesplus.com
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
So why does the output say incorrect TXT record when it’s exactly the same as the “token” “sLFySYZc4V0ycOeNY5PjED5IVoE56OuYpNv7Tv-dAPg”?
Isn’t the token supposed to be the TXT record???
Regards,
Victor
My web server is (include version):
The operating system my web server runs on is (include version):
Ubuntu 16.04LTS
My hosting provider, if applicable, is:
self hosted
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Not that token. The token to be used is passed as an environment variable to the script you specified with --manual-auth-hook.
Are you trying to complete the challenge manually, or are you trying to use acme-dns? If the former you should just leave off the --manual-auth-hook /etc/letsencrypt/acme-dns-auth.py and certbot will provide instructions to complete the challenge manually. If you want to use acme-dns then... sorry I haven't tried that yet, but maybe someone else can help.
I was first trying to use acme-dns but I found some errors in my DNS setup (CNAME -> acme-dns) so I tried to troubleshoot by just manually finding the TXT record I needed and then adding that TXT record in the DNS server to see if I can get the cert.
Been trying to get dns challenges working so I can get wildcard certs. My brain is just overloaded.
I think I know what you are saying. I’ll leave off “--manual-auth-hook /etc/letsencrypt/acme-dns-auth.py” and I suppose LE will give me the correct “txt” records.
Then when I want to try using acme-dns, I add it back in. (I think it’s not working right now as the CNAME record on my DNS server is not working correctly to the acme-dns server that I built.)
This is not the final token to use for verification. This token is combined by Certbot along with your ACME private key to produce the final token.
You can find the final token by using --authenticator manual without --manual-auth-hook (as pointed out already):
-------------------------------------------------------------------------------
Please deploy a DNS TXT record under the name
_acme-challenge.example.org with the following value:
6GPn1nIbLDoi8XkG8Ibh3AJXoVI85ksALBkDjw3-9AU
Before continuing, verify the record is deployed.
-------------------------------------------------------------------------------
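How the token in the debug output relates to the TXT value the server checks, as an added example that is not part of the original posts or of Certbot's code: per RFC 8555, the dns-01 TXT value is the base64url SHA-256 digest of "token.thumbprint", where the thumbprint (RFC 7638) is taken over the public JWK of the ACME account key. The account JWK below is a constructed placeholder, and diagnose() and its return labels are hypothetical names.

```python
import base64
import hashlib
import json

# Members RFC 7638 hashes for each key type; any other JWK member is ignored.
THUMBPRINT_MEMBERS = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}

# Constructed placeholder account key (not a real curve point; it is only hashed).
SAMPLE_ACCOUNT_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": "Y29uc3RydWN0ZWQtc2FtcGxlLXgtY29vcmRpbmF0ZQ",
    "y": "Y29uc3RydWN0ZWQtc2FtcGxlLXktY29vcmRpbmF0ZQ",
}

def b64url(data: bytes) -> str:
    """Unpadded URL-safe base64, the encoding ACME uses everywhere."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members, sorted, no whitespace."""
    required = {k: jwk[k] for k in THUMBPRINT_MEMBERS[jwk["kty"]]}
    canonical = json.dumps(required, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def dns01_txt_value(token: str, account_jwk: dict) -> str:
    """RFC 8555 section 8.4: TXT value = b64url(SHA-256(key authorization))."""
    key_authorization = f"{token}.{jwk_thumbprint(account_jwk)}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())

def diagnose(published: str, token: str, account_jwk: dict) -> str:
    """Classify a TXT record found at _acme-challenge.<domain>."""
    if published == dns01_txt_value(token, account_jwk):
        return "ok"
    if published == token:
        return "raw-token"  # the situation in this thread
    if published == f"{token}.{jwk_thumbprint(account_jwk)}":
        return "unhashed-key-authorization"
    return "mismatch"

if __name__ == "__main__":
    token = "sLFySYZc4V0ycOeNY5PjED5IVoE56OuYpNv7Tv-dAPg"  # token quoted in the thread
    print("expected TXT:", dns01_txt_value(token, SAMPLE_ACCOUNT_JWK))
    print("raw token in DNS ->", diagnose(token, token, SAMPLE_ACCOUNT_JWK))
```

When a --manual-auth-hook script runs, Certbot passes it this final value in the CERTBOT_VALIDATION environment variable, so the hook does not have to compute it.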