My domains are:
aidica.ca, *.adica.ca
I ran this command:
certbot -d aidica.ca -d *.aidica.ca --manual --preferred-challenges dns certonly
It produced this output:
Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
Domain: aidica.ca
Type: dns
Detail: DNS problem: query timed out looking up TXT for _acme-challenge.aidica.ca
Domain: aidica.ca
Type: dns
Detail: DNS problem: query timed out looking up TXT for _acme-challenge.aidica.ca
Hint: The Certificate Authority failed to verify the manually created DNS TXT records. Ensure that you created these in the correct location, or try waiting longer for DNS propagation on the next attempt.
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.29.0
===
I had these certificates for more than a year, and they renewed 7 times just fine until now. I have a set of scripts with hooks to automate the process, but thought that maybe something is wrong with my current certificate, so I deleted it with 'certbot delete' and tried to get a new one.
If I run the above command in --dry-run mode, all is good, and I am getting the certs. In fact, --dry-run was also working for renewal commands just fine.
In production mode, I only get one _acme-challenge record instead of two, and if I remove one of the domain names and try to get new certificates (i.e. only aidica.ca or only *.adica.ca), I get no _acme-challenge records and the process fails with the "timeout" error.
So it looks like the server sends one challenge fewer than the number of domain names requested, but works fine in dry-run mode.
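As an added example (not part of the original post and not certbot's own code), the check a practitioner would want before answering certbot's "press Enter to continue" prompt in a DNS-01 run like the one above: map each requested name to its TXT record name, then poll the zone's own authoritative nameserver until the validation value is actually visible there. Two points it makes concrete: aidica.ca and *.aidica.ca both validate against the same record name, _acme-challenge.aidica.ca, so that name must hold two TXT strings at once; and a lookup through a local caching resolver proves nothing about what the CA will see, so the query goes to an authoritative server. It assumes dig is installed; picking the first server returned by dig NS is an assumption, and the hostnames, tokens and timings are constructed for illustration.

```shell
#!/bin/sh
# Propagation check for certbot --manual --preferred-challenges dns.
# Usage: sh check_acme_txt.sh '<domain or *.domain>' '<validation value>' [nameserver]
# (hypothetical helper; the functions can also be sourced from a manual-auth-hook)

# Record name for a requested identifier: a leading wildcard label is dropped, so
# both "aidica.ca" and "*.aidica.ca" map to "_acme-challenge.aidica.ca".
acme_record_name() {
  domain="$1"
  case "$domain" in
    \*.*) domain="${domain#\*.}" ;;
  esac
  printf '_acme-challenge.%s\n' "$domain"
}

# TXT lookup against a specific server. dig +short prints one quoted string per
# record. Kept as its own function so a test (or a different tool) can replace it.
lookup_txt() {
  name="$1"; ns="$2"
  dig +short @"$ns" "$name" TXT
}

# True when VALUE is one of the TXT strings currently served for NAME at NS.
# Exact, whole-line match on the quoted form, so a partial token never passes.
txt_has_value() {
  name="$1"; value="$2"; ns="$3"
  lookup_txt "$name" "$ns" | grep -Fqx "\"$value\""
}

# Poll up to TRIES times, DELAY seconds apart, until the value is visible at NS.
# Returns 0 once seen, 1 if the deadline passes (the CA would time out or see NXDOMAIN).
wait_for_txt() {
  name="$1"; value="$2"; ns="$3"; tries="${4:-30}"; delay="${5:-10}"
  i=0
  while [ "$i" -lt "$tries" ]; do
    if txt_has_value "$name" "$value" "$ns"; then
      return 0
    fi
    i=$((i + 1))
    sleep "$delay"
  done
  return 1
}

# Command-line entry point: only runs when invoked with arguments.
if [ "$#" -ge 2 ]; then
  name=$(acme_record_name "$1")
  value="$2"
  # Assumption: the first NS record listed is a reachable authoritative server.
  ns="${3:-$(dig +short NS "${name#_acme-challenge.}" | head -n 1)}"
  if wait_for_txt "$name" "$value" "$ns"; then
    echo "ok: $name carries \"$value\" at $ns"
  else
    echo "not visible: $name does not carry \"$value\" at $ns" >&2
    exit 1
  fi
fi
```

Run it once per validation value certbot prints (one for aidica.ca, one for *.aidica.ca) and continue only when both report "ok"; if the authoritative server never answers, the timeout certbot reports is reproduced locally and the problem is in the zone's serving, not in certbot.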