Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: kultdivinitylost.com
I ran this command:
docker run -it --rm --name certbot -v "/data/cert:/etc/letsencrypt" certbot/dns-digitalocean certonly -n --test-cert --agree-tos --email firstname.lastname@example.org --dns-digitalocean --dns-digitalocean-credentials /etc/letsencrypt/digitalocean_token.ini --dns-digitalocean-propagation-seconds 300 -d '*.kultdivinitylost.com'
It produced this output:
Failed authorization procedure. kultdivinitylost.com (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.kultdivinitylost.com
The above command worked with my other domain *.helmgast.se but not this one, and I can’t see what’s different between them.
If I use dig during this waiting time like below, I can see the record with token:
dig _acme-challenge.kultdivinitylost.com txt @ns1.digitalocean.com
but not if I do:
dig _acme-challenge.kultdivinitylost.com txt
What can be the issue here? Do I need to wait much longer? And isn’t Let’s Encrypt doing the DNS challenge directly to the authoritative nameserver?
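Added example, not part of the original post: the two dig results above differ only in which server answers, so one check is whether the server queried by hand (ns1.digitalocean.com) is among the nameservers the parent zone delegates the domain to, since a resolver that walks down from the root only asks those. The functions read `dig +trace` output on stdin; the function names, the sample trace, its addresses and the parking.example names are constructed for illustration.

```shell
#!/bin/sh
# Compare a zone's delegated nameservers with a server that was queried by hand.
# Input is `dig +trace` output on stdin; nothing here does network I/O.

# delegated_ns ZONE: print the NS targets listed for ZONE in the trace
# (lowercased, trailing dot removed, sorted, unique).
delegated_ns() {
  awk -v zone="$1" '
    BEGIN { zone = tolower(zone); sub(/\.$/, "", zone) }
    /^;/ || NF < 5 { next }            # skip dig comments and non-record lines
    {
      owner = tolower($1); sub(/\.$/, "", owner)
      if (owner == zone && $3 == "IN" && $4 == "NS") {
        target = tolower($5); sub(/\.$/, "", target)
        print target
      }
    }' | sort -u
}

# server_is_delegated ZONE SERVER: exit 0 if SERVER is in the delegation,
# 1 if the delegation points elsewhere, 2 if the trace held no NS records for ZONE.
server_is_delegated() {
  ns_list=$(delegated_ns "$1")
  [ -n "$ns_list" ] || return 2
  server=$(printf '%s' "$2" | tr 'A-Z' 'a-z' | sed 's/\.$//')
  printf '%s\n' "$ns_list" | grep -Fxq "$server"
}

# Constructed sample (not real output): a TLD referral for example.com that
# points at a registrar's parking servers, then the stage that returns no TXT.
SAMPLE_TRACE='example.com.   172800 IN NS  NS1.parking.example.
example.com.   172800 IN NS  ns2.parking.example.
;; Received 110 bytes from 192.0.2.10#53(a.gtld-servers.net) in 20 ms

example.com.   1800 IN SOA ns1.parking.example. hostmaster.example.com. 1 10800 3600 604800 1800
;; Received 105 bytes from 192.0.2.53#53(ns1.parking.example) in 31 ms'

# Show the delegation found in the sample.
printf '%s\n' "$SAMPLE_TRACE" | delegated_ns example.com

# Live use (requires network), with your own zone in place of example.com:
#   dig +trace _acme-challenge.example.com TXT | server_is_delegated example.com ns1.digitalocean.com
#   echo $?    # 1 means the registry delegates the zone to other servers
```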