Domain Ownership Verification Failed

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: PRIV_KEY=./account.key; echo -n “eyJ1cmwiOiJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbGVuZ2UvNEFmVmNlVklwdWJJNmtqMm5tWnU3S0lWdmx6blRNOV9WMzNlbWpoMWlrOC8xOTYyNDc3MTkyMyIsImFsZyI6IlJTMjU2Iiwibm9uY2UiOiJGc3lPTzVPQ1NpTEtEQkpna1A3YnZmdHVyYXlhTVZPQnJfOUNGOVJIUFlZIiwia2lkIjoiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82MzU5MDk1NiJ9.e30” | openssl dgst -sha256 -hex -sign $PRIV_KEY

It produced this output:
(stdin)= 0adfaae6b70158b60bf7a208a36aa155aba4847b1c92e033f21ddfbb89077a90809ab8cf17d80f809271606c3d070d7615cb5fc84d1d45450001da5406f6fd04d69e69029b7bdde951e0706a6c74276db2a18fb12bc00034feff4ca7a65859ac22d4731c85f808c2ded084fd349e59b9bf4fd7175138a08be9b2382e5328873e66b7df0866148a11ce89c78be11147e29991266506cf1bf27d2cd2eb3cd29b22b17e02d81390219b87171447c65dde22b1c5398ec759ce7382f0b4bcc0b818f93d8dbb8398efb7c56ef4aafd71d024b1692d15631ec7bc6f710507b055c4a0c37f4bebc165e503801eb5e7de81682c29c85aef273929c9462dd646fea588c392

This is the error message I received:
Error: Domain challenge failed. Please start back at Step 1. {“identifier”:{“type”:“dns”,“value”:“”},“status”:“invalid”,“expires”:“2019-08-23T19:21:17Z”,“challenges”:[{“type”:“tls-alpn-01”,“status”:“invalid”,“url”:“",“token”:“D4Ka_ZsUjGzoiH6A4sohbJWDLSTGpOHQgkWWxgIs6GY”},{“type”:“dns-01”,“status”:“invalid”,“error”:{“type”:“urn:ietf:params:acme:error:dns”,“detail”:"DNS problem: NXDOMAIN looking up TXT for”,“status”:400},“url”:“",“token”:“z07cYWSOh86-j5C5RR8qdzvQ7p8rEBE7jIFYWLYcWCQ”},{“type”:“http-01”,“status”:“invalid”,“url”:“”,“token”:"tSWk8Krkfwgv0L4cOdDI21-hMPoDid24ymZ02gSBNyc”}]}
My web server is (include version): Apache 2.4.39

The operating system my web server runs on is (include version): RedHat 4.4.7-23

My hosting provider, if applicable, is: GoDaddy

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Yes, CPanel 78.0.27

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): N/A

1 Like

Hi @kailash_93

there is only an older GoDaddy - certificate -

Issuer not before not after Domain names LE-Duplicate next LE
Go Daddy Secure Certificate Authority - G2 2019-04-09 2020-04-09, - 2 entries

So it's your first Letsencrypt certificate.

  • Is there a cPanel solution?
  • What's your ACME-client you use?

Ah, there is the problem visible -

You have created a TXT entry with the domain name

But your menu adds your domain name, so you have the wrong domain name with a duplicated domain.

So create a TXT entry with _acme-challenge and the new TXT value.

Compare it with my own domain:

1 Like

Hello Mr. JuergenAuer,

Thank you so much for your helpful response, it was really helpful. It did work for me but now I’m stuck on the final stage: Finalize order and generate certificate

Following is the error message I’ve received but I don’t understand why because I obviously have 2 different keys private and public and public key is the one specified in the beginning of the form:
Error: Finalizing failed. Please start back at Step 1. { “type”: “urn:ietf:params:acme:error:malformed”, “detail”: “Error finalizing order :: certificate public key must be different than account key”, “status”: 400 }

Kindly help me resolve this issue, I truly appreciate your help.

Kailash Naik

1 Like

You need four different keys: a private key and a public key for your Let’s Encrypt account, and a private key and a public key for your certificate.

Let’s Encrypt doesn’t allow you to use the same keypair for both purposes.

1 Like

Ohh alright, and where do I provide this second pair of private/public key on the form? Because the only one I was asked was the public key for the Certificate at the beginning of the form.

Is it supposed to be mentioned in the echo part of the query?

What form? Are you using

If so, the public key requested in step 1 is for your account.

The CSR requested in step 2 includes, among other information, the public key that will be used for the certificate.

I don't know, sorry.

Ohh! And this public key for let’s encrypt is something I can simply generate myself using the openssl tool or have to get it from some place else?

Because, I just tried starting the whole process again and this time provided the public key in step1 from a completely different private key I generated and following is the error message I received:
Error: Account registration failed. Please start back at Step 1. { “type”: “urn:ietf:params:acme:error:malformed”, “detail”: “JWS verification error”, “status”: 400 }

I’m not sure which account is it referring to. I never got this error when I used the public key based on my Certificate’s private key.

Also, at the beginning of Step3 the form says I need to user my Account private key for all requests:
“Let’s Encrypt requires that you sign all of your requests to them with your account private key.”

So, I think I should be using the same private key for both CSR as well as the public key in Section 1. But, I keep getting stuck in the Final stage in that case.

1 Like

So, I finally did manage to generate a certificate for my domain from:

I followed the procedure you mentioned @mnordhoff and it worked!

I believe I may have error-ed at some point while copy pasting my own set of private/public keys I generated for the Let’s Encrypt account.

But, once again thank you so much @JuergenAuer and @mnordhoff; I truly appreciate your help.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.