Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: bhfarma.es
I ran this command:
It produced this output:
My web server is (include version): servidor dedicado
The operating system my web server runs on is (include version): windows server 2012R2
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): plesk onyx
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
That information on what you've tried so far (the "I ran this command" and "It produced this output" sections) will be very useful to people here trying to help you. If it's something through that Plesk control panel, can you give the complete output or screenshots? There are approximately a bazillion ways of trying to get a Let's Encrypt certificate, so it's hard to know exactly what trouble you're running into.
Here is the documentation for Let's Encrypt DNS validation using Plex Onyx:
Assuming plex is updating your DNS TXT records OK (you can check it with dig etc) you still have to wait for those changes to replicate to your primary and secondary nameservers, that often means you have to wait a minute or so (sometimes longer) before proceeding with the certificate request.
The issue is still that the TXT record that's present in your DNS is wrong ( dig -t TXT _acme-challenge.bhfarma.es shows "f7iP6UUWM0sZ9QClE-Emh7Us9cqKuqmeWnEN8v78u2Y" instead of the required "ZnX8...").
So the question is are you setting this DNS TXT record manually or is it supposed to be automated in Plesk? If manual then update your TXT record, if automated then raise this bug with Plesk support.
Plesk automatically gives me the TXT record but I have the option of being able to change it later. I don't know if changing to the registry that solves will solve the problem for me
Do you usually add it to your DNS yourself (manually)? Keep in mind that _acme-challenge TXT records for dns-01 challenges are only used once and thus are worthless after a single use and should be removed. They are not meant to persist.
At the moment the TXT record appears to me with the value with which it solves without doing it manually. But if I want to generate a certificate it gives me another TXT value that I do not accept but I start again with the same problem.
With this record, can the certificate be generated manually?
Each time that you attempt to get a certificate, you get a new TXT value to use in DNS. Ideally your provider would automate this. If they don't, then you need to manually update your DNS every couple months for each time you need to get a new certificate.
Indeed it is, but if I manually delete the DNS record, does it completely remove it? or should I remove the _acme-challenge otherwise?
I have only had problems with this domain since the others that I manage I have been able to create the certificate without any problem
After you get a certificate, the DNS TXT record is useless and should be deleted, yes.
Are you managing all these domains (the ones that work and the ones that don't) on the same platform? If some are set up to be able to edit your DNS automatically for you, and some aren't, then you might be able to work with your hoster to figure out what the difference is and get them all configured the same.
As mentioned, this TXT record value needs to change for almost every certificate order, so i you can't use and automated DNS provider to update the TXT record then you should look at acme-dns (using a CNAME pointed to a dedicated acme-dns service, your acme client then updates acme-dns instead of changing your DNS records).
