Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I ran this command: sudo certbot -d $DOMAIN -d $WILDCARD --manual --preferred-challenges dns certonly
It produced this output:
Failed authorization procedure. nyresidentsalliance.org (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT
for _acme-challenge.nyresidentsalliance.org - check that a DNS record exists for this domain
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: nyresidentsalliance.org
Type: None
Detail: DNS problem: NXDOMAIN looking up TXT for
_acme-challenge.nyresidentsalliance.org - check that a DNS record
exists for this domain
My web server is (include version):
bitnami@ip-172-26-3-150:~$ httpd -v
Server version: Apache/2.4.41 (Unix)
Server built: Feb 7 2020 11:05:17
The operating system my web server runs on is (include version):
NAME="Ubuntu"
VERSION="16.04.6 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.6 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
VERSION_CODENAME=xenial
UBUNTU_CODENAME=xenial
My hosting provider, if applicable, is: AWS Lightsail
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.31.0
The SSL was working fine, and I think there was some problem when I tried to renew it (it was due for renewal on 3/29). After the renewal failed, I tried to create a new one, and then I got the above error. I think the server time is correct:
Last login: Mon Mar 29 14:45:00 2021 from 72.21.217.129
bitnami@ip-172-26-3-150:~ date
Mon Mar 29 17:19:44 UTC 2021
bitnami@ip-172-26-3-150:~
I keep getting this error each time I try to execute this command:
sudo certbot -d $DOMAIN -d $WILDCARD --manual --preferred-challenges dns certonly
Error I got:
_acme-challenge.nyresidentsalliance.org - check that a DNS record
exists for this domain
You probably already know this, but you need to create new TXT records each time you create or renew a certificate. Since you're using manual authentication (without manual-auth-hook or manual-cleanup-hook scripts to add and remove the TXT records automatically), you'll need to add and remove the specified TXT records yourself, being sure to give adequate time for the TXT records to propagate. You can check for the propagation of the TXT records with dig. Once your certificate has been successfully issued, you can remove all existing _acme-challenge TXT records.
Here's what currently exists:
id 8031
opcode QUERY
rcode NOERROR
flags QR RD RA
;QUESTION
_acme-challenge.nyresidentsalliance.org. IN TXT
;ANSWER
_acme-challenge.nyresidentsalliance.org. 299 IN TXT "LSz1DWF-9igLH_u-pBVL8VMy79oRN9DXyQLfOvnO5AU"
;AUTHORITY
;ADDITIONAL
The command above will require creating 2 TXT records, both with a host of _acme-challenge.nyresidentsalliance.org, but with different values.
Side note:
You cannot use sudo certbot renew when using manual authentication because the renew function runs "non-interactively", meaning that it doesn't pause to let you manually add the TXT records. Hence why you would need manual-auth-hook and manual-cleanup-hook scripts.
You might consider using acme-dns to help you automate your renewals.
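
The check the reply describes (both TXT values visible under the same _acme-challenge name before continuing) can be scripted with dig. This is an added example, not part of the original thread or of certbot; the function names are hypothetical and the values in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example (not certbot code): confirm that every dns-01 validation value
# certbot printed is published before pressing Enter at the manual prompt.
# Function names are hypothetical; only `dig` from the post is required.

# Reads `dig +short TXT` output on stdin (one quoted string per line) and
# prints each expected value, given as arguments, that is absent from it.
missing_txt_values() {
    mtv_answers=$(tr -d '"\r')
    for mtv_want in "$@"; do
        # -F/-x: exact whole-line match; "--" because base64url values may
        # begin with "-" and would otherwise be parsed as a grep option.
        printf '%s\n' "$mtv_answers" | grep -Fxq -- "$mtv_want" ||
            printf '%s\n' "$mtv_want"
    done
}

# check_challenge DOMAIN VALUE...
# Asks each authoritative nameserver directly, so a resolver's cached NXDOMAIN
# or stale answer cannot hide a missing record. Returns 0 only when every
# nameserver serves every value; 1 if any value is missing; 2 if no NS found.
check_challenge() {
    cc_domain=$1
    shift
    cc_servers=$(dig +short NS "$cc_domain")
    [ -n "$cc_servers" ] || { echo "no NS records for $cc_domain" >&2; return 2; }
    cc_status=0
    for cc_ns in $cc_servers; do
        cc_missing=$(dig +short TXT "_acme-challenge.$cc_domain" "@$cc_ns" |
            missing_txt_values "$@")
        if [ -n "$cc_missing" ]; then
            echo "$cc_ns does not serve: $cc_missing" >&2
            cc_status=1
        fi
    done
    return "$cc_status"
}

# Usage, with the two values certbot displays for "-d example.org -d *.example.org":
#   check_challenge example.org "<first value>" "<second value>"
```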