I ran this command:
certbot certonly --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name 'npm-31' --agree-tos --email 'myemail@gmail.com' --domains 'portainer.domain.com' --authenticator 'dns-dynu' --dns-dynu-credentials '/home/user/dynu/credentials.ini' --dns-dynu-propagation-seconds 120
It produced this output:
Certbot failed to authenticate some domains (authenticator: dns-dynu). The Certificate Authority reported these problems:
Domain: portainer.domain.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.portainer.domain.com - check that a DNS record exists for this domain
Hint: The Certificate Authority failed to verify the DNS TXT records created by --dns-dynu. Ensure the above domains are hosted by this DNS provider, or try increasing --dns-dynu-propagation-seconds (currently 120 seconds).
The version of my client is: 4.0.0
I've been using letsencrypt with DYNU ACME challenges successfully for a few years. Not long ago, I started getting errors in nginx-proxy-manager, and to test things out, I installed certbot on an Ubuntu VM.
I noticed that while using an ACME challenge with the correct API key, certbot would go looking for the TXT record _acme-challenge.HOST.domain.com, while my dynamic DNS host out on the internet (DYNU) would end up with a TXT record of _acme-challenge.domain.com; the 'HOST' part was missing.
I'm not sure if this is a certbot issue, or a dynu issue. I did open a ticket with them, but thought I'd poke in here and see if anyone knew what was going on?
Thanks.
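An offline check for the name mismatch described in the post, added here as an example; it is not part of the original post and is not code from certbot or the dns-dynu plugin. The function names, the record dictionary (standing in for what the DNS provider's control panel lists) and the key authorization string are constructed assumptions.

```python
import base64
import hashlib

LABEL = "_acme-challenge"


def validation_name(identifier):
    """Owner name the CA queries for dns-01 (RFC 8555, section 8.4)."""
    name = identifier.strip().rstrip(".").lower()
    if name.startswith("*."):  # a wildcard is validated at its base domain
        name = name[2:]
    return f"{LABEL}.{name}"


def txt_value(key_authorization):
    """TXT content: unpadded base64url of SHA-256(key authorization)."""
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def diagnose(identifier, expected, zone_txt):
    """Classify a provider's TXT records (owner name -> values) for one identifier."""
    want = validation_name(identifier)
    records = {k.rstrip(".").lower(): v for k, v in zone_txt.items()}
    if expected in records.get(want, []):
        return "ok", want
    # Same value published under a parent name: the host label(s) were dropped.
    labels = want.split(".")[1:]
    for i in range(1, len(labels) - 1):
        candidate = ".".join([LABEL] + labels[i:])
        if expected in records.get(candidate, []):
            return "misplaced", candidate
    return ("stale-value" if want in records else "missing"), want


# Constructed sample data: not a real key authorization or a real zone export.
SAMPLE_VALUE = txt_value("constructed-token.constructed-account-thumbprint")
SAMPLE_ZONE = {"_acme-challenge.domain.com": [SAMPLE_VALUE]}

if __name__ == "__main__":
    print(diagnose("portainer.domain.com", SAMPLE_VALUE, SAMPLE_ZONE))
```

A "misplaced" result means the challenge value exists but under a name the CA never queries, which a longer propagation wait does not change.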