I ran this command: ./certbot-auto certonly --webroot -w /var/www/html/ -d zokcate.com -d www.zokcate.com -d *.zokcate.com
It produced this output: An unexpected error occurred:
The request message was malformed :: Error creating new order :: Domain name “www.zokcate.com” is redundant with a
wildcard domain in the same request. Remove one or the other from the certificate request.
Please see the logfiles in /var/log/letsencrypt for more details.
IMPORTANT NOTES:
Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
My web server is (include version): LAMP
The operating system my web server runs on is (include version): Debian 9.5
My hosting provider, if applicable, is: google cloud
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
Yes, you are right. I even tried removing www.zokcate.com and tried the following command:
./certbot-auto certonly --webroot -w /var/www/html/ -d zokcate.com -d *.zokcate.com
but then I got this error:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
As per your suggestion, when I run this command: ./certbot-auto certonly --webroot -w /var/www/html/ -d webzate.com -d *.webzate.com
I get this error:
-bash: syntax error near unexpected token `(’
and when I run the following command: ./certbot-auto certonly --webroot -w /var/www/html/ -d webzate.com -d *.webzate.com
I get this error:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
Apologies for the command thing… I did a copy & paste while using my phone… and apparently it doesn't work out…
If you want to use DNS Validation, there are two options…
If your DNS provider supports automated validation (API access) and an ACMEv2 client supports it, you could use those clients.
If not, you could just run the command ./certbot-auto certonly --manual -d zokcate.com -d '*.zokcate.com', with which you would need to manually add the required DNS entry to your DNS zones, and you can't renew automatically. (quote added according to @Osiris's suggestion)
In bash, asterisks ("*") need to be enclosed in single quotes (') to use the symbol literally. Otherwise, bash will see it as its own wildcard symbol and try to parse it.
Also, you can't use the --webroot authenticator for wildcard hostnames. Use the dns-01 challenge with either the manual plugin (which needs scripts for automated renewal, see Pre and Post Validation Hooks for more info about that) or use one of the DNS plugins for certbot. Unfortunately, those plugins aren't installed (yet?) when using certbot-auto.
The command you provided worked for me:
./certbot-auto certonly --manual -d zokcate.com -d '*.zokcate.com'
The output was to create a file and make it accessible under .well-known… I completed that and continued, and then the message was to create a DNS TXT record, so I just created a TXT record _acme-challenge.zokcate.com and added the value from the output. It asked me to verify the record before continuing, so when I try to visit _acme-challenge.zokcate.com, nothing loads.
Did I make any mistake?
Also, before running the above command I had used this command:
wget https://dl.eff.org/certbot-auto && chmod a+x certbot-auto
Will I be able to access or see any value if I visit _acme-challenge.zokcate.com, or should I just ignore it and continue with the setup?
The TXT record isn't something to surf to with a web browser. You'll need to use a DNS client like dig to check it. You can use online tools for this, such as Dig (DNS lookup).
It seems your TXT record hasn't been added properly or you've removed it again; I'm getting an rcode NXDOMAIN as the answer.
Does your domain zokcate.com even exist? I can't get any DNS record for it, not even an A record for the bare domain or the www hostname...
I deleted the zokcate.com entry; it was for testing purposes.
My production site is webzate.com. I had followed all the commands with this domain, and I have attached the screenshot of the TXT record DNS of webzate.com:
id 5849 opcode QUERY rcode NOERROR flags QR RD RA
;QUESTION
_acme-challenge.webzate.com. IN TXT
;ANSWER
_acme-challenge.webzate.com. 299 IN TXT "S8iQmL62aMPn_Sp7ftSBZVX3nvZUKzpYVu1OlSmG1Ko"
;AUTHORITY
;ADDITIONAL
You have to request the whole hostname, including the _acme-challenge part.
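The confusion in this thread is that the dns-01 token is served as a TXT record at the full name _acme-challenge.<domain>, not as a web page, and a browser cannot show it. The following is an added example, not code from the thread or from Certbot: a small Python checker that takes dig-style output (either the one-line dnspython format pasted above or the classic dig ANSWER SECTION layout), extracts the TXT records from the ANSWER section only, and confirms the expected token is published under the right name. The sample outputs and the token value are constructed; the assumption that a wildcard order is validated at the base domain's _acme-challenge name (so "*.example.com" and "example.com" share one record) is mine.

```python
import re

# One resource record as printed by dig / dnspython, e.g.
#   _acme-challenge.example.com. 299 IN TXT "token"
_RR_LINE = re.compile(
    r'^\s*(?P<name>\S+)\s+(?P<ttl>\d+)\s+IN\s+(?P<rtype>[A-Z]+)\s+(?P<rdata>.*)$'
)
# Quoted character-strings inside TXT RDATA (handles escaped quotes).
_TXT_STRING = re.compile(r'"((?:[^"\\]|\\.)*)"')
# dnspython prints section markers inline; split on them as well as newlines.
_SECTION_SPLIT = re.compile(r'\n|(?=;(?:QUESTION|ANSWER|AUTHORITY|ADDITIONAL)\b)')


def challenge_name(domain: str) -> str:
    """Name the CA queries for dns-01. Assumption: a wildcard '*.d' is validated
    at the same '_acme-challenge.d.' name as the bare domain."""
    base = domain[2:] if domain.startswith("*.") else domain
    return f"_acme-challenge.{base.rstrip('.')}."


def parse_txt_records(dig_output: str) -> dict:
    """Map owner name -> list of TXT values, taken from the ANSWER section only,
    so records in AUTHORITY/ADDITIONAL (e.g. an SOA on NXDOMAIN) never count."""
    records = {}
    in_answer = False
    for chunk in _SECTION_SPLIT.split(dig_output):
        chunk = chunk.strip()
        if chunk.startswith(";"):
            upper = chunk.upper()
            in_answer = upper.startswith(";ANSWER") or upper.startswith(";; ANSWER")
            # dnspython puts the records on the same line as the ';ANSWER' marker
            chunk = chunk.split(None, 1)[1] if " " in chunk else ""
            if not in_answer or not chunk:
                continue
        if not in_answer:
            continue
        m = _RR_LINE.match(chunk)
        if not m or m.group("rtype") != "TXT":
            continue
        # Multiple quoted strings in one TXT RDATA are concatenated, as resolvers do.
        value = "".join(_TXT_STRING.findall(m.group("rdata")))
        records.setdefault(m.group("name").lower(), []).append(value)
    return records


def challenge_is_published(domain: str, expected_token: str, dig_output: str) -> bool:
    """True only if the exact token is served under the exact challenge name."""
    name = challenge_name(domain).lower()
    return expected_token in parse_txt_records(dig_output).get(name, [])


# Constructed sample in the one-line dnspython format seen in the thread.
SAMPLE_DNSPYTHON = (
    "id 1 opcode QUERY rcode NOERROR flags QR RD RA "
    ";QUESTION _acme-challenge.example.com. IN TXT "
    ';ANSWER _acme-challenge.example.com. 299 IN TXT "constructed-token-value-1" '
    ";AUTHORITY ;ADDITIONAL"
)

# Constructed sample in the classic `dig` layout.
SAMPLE_DIG_CLI = """; <<>> DiG 9.10.3 <<>> _acme-challenge.example.com TXT
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; QUESTION SECTION:
;_acme-challenge.example.com.\tIN\tTXT

;; ANSWER SECTION:
_acme-challenge.example.com. 299\tIN\tTXT\t"constructed-token-value-1"

;; Query time: 1 msec
"""

# Constructed NXDOMAIN answer: the record is missing, only an SOA in AUTHORITY.
SAMPLE_NXDOMAIN = (
    "id 3 opcode QUERY rcode NXDOMAIN flags QR RD RA "
    ";QUESTION _acme-challenge.example.com. IN TXT "
    ";ANSWER "
    ";AUTHORITY example.com. 300 IN SOA ns1.example.com. hostmaster.example.com. 1 1 1 1 1 "
    ";ADDITIONAL"
)

if __name__ == "__main__":
    for label, sample in [("dnspython", SAMPLE_DNSPYTHON), ("dig", SAMPLE_DIG_CLI), ("nxdomain", SAMPLE_NXDOMAIN)]:
        ok = challenge_is_published("*.example.com", "constructed-token-value-1", sample)
        print(f"{label}: token published = {ok}")
```

Paste the output of `dig _acme-challenge.webzate.com TXT` (or of the online Dig tool) into `challenge_is_published()` with the token certbot printed; a False result with an NXDOMAIN rcode means the record is not visible yet at the resolver you queried, so continuing would fail validation.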
Thanks for helping. I have successfully configured the SSL on my server and it works as it should; however, the SSL is valid only for 90 days. Can you please help me to understand how to renew my SSL after 90 days?
After 90 days, you would need to execute the command again… and set the TXT record again:
./certbot-auto certonly --manual -d zokcate.com -d '*.zokcate.com'
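Because the manual plugin cannot renew on its own, the practical way to avoid redoing the TXT record by hand every 90 days is the hook mechanism mentioned earlier in the thread: certbot runs a script via --manual-auth-hook, passing the domain in CERTBOT_DOMAIN and the token in CERTBOT_VALIDATION, and proceeds once the script exits 0. The following is an added example, not code from the thread or from the Certbot project, of such a hook in Python. It assumes the operator controls a BIND-style zone file it can append to (the ZONE_FILE path is a placeholder; a hosted provider would need an API call there instead, and reloading the nameserver is left to the operator), and it optionally polls the record with dnspython before returning, so certbot does not ask the CA to validate before the record is visible. The ScriptedLookup class exists only so the polling logic can be exercised offline.

```python
import os
import sys
import tempfile
import time


def challenge_name(domain: str) -> str:
    # Certbot passes the bare domain in CERTBOT_DOMAIN even for a wildcard
    # order; stripping "*." is defensive (assumption stated in the lead-in).
    base = domain[2:] if domain.startswith("*.") else domain
    return f"_acme-challenge.{base.rstrip('.')}."


def token_is_safe(token: str) -> bool:
    """Reject anything that could break out of the quoted TXT string in a zone file."""
    return bool(token) and not any(c in token for c in '"\\ \n\r')


def build_txt_rr(domain: str, token: str, ttl: int = 60) -> str:
    """Zone-file line for the dns-01 record; a short TTL limits caching of stale tokens."""
    if not token_is_safe(token):
        raise ValueError("unexpected characters in validation token")
    return f'{challenge_name(domain)} {ttl} IN TXT "{token}"'


def publish_to_zone_file(zone_path: str, rr_line: str) -> str:
    """Append the record to a zone file (assumed setup; a provider API call would go here)."""
    with open(zone_path, "a", encoding="utf-8") as fh:
        fh.write(rr_line + "\n")
    return rr_line


def wait_until_visible(name, token, lookup, attempts=10, delay=15.0, sleep=time.sleep) -> bool:
    """Poll lookup(name), a callable returning the TXT strings currently served,
    until token appears. Returns False if it never shows up within `attempts`."""
    for attempt in range(1, attempts + 1):
        if token in lookup(name):
            return True
        if attempt < attempts:
            sleep(delay)
    return False


class ScriptedLookup:
    """Offline stand-in for a DNS resolver: returns pre-scripted answers in order."""

    def __init__(self, answers):
        self.answers = list(answers)
        self.calls = 0

    def __call__(self, name):
        self.calls += 1
        return self.answers.pop(0) if self.answers else []


def demo_publish(domain="*.example.com", token="constructed-token") -> str:
    """Constructed demonstration: publish to a temporary zone file, return the line written."""
    with tempfile.NamedTemporaryFile("w", suffix=".zone", delete=False) as tmp:
        path = tmp.name
    try:
        publish_to_zone_file(path, build_txt_rr(domain, token))
        with open(path, encoding="utf-8") as fh:
            return fh.read().splitlines()[-1]
    finally:
        os.unlink(path)


def main() -> int:
    domain = os.environ.get("CERTBOT_DOMAIN")
    token = os.environ.get("CERTBOT_VALIDATION")
    if not domain or not token:
        print("CERTBOT_DOMAIN/CERTBOT_VALIDATION not set; run via certbot --manual-auth-hook", file=sys.stderr)
        return 2
    zone_path = os.environ.get("ZONE_FILE", "/path/to/zone/file.placeholder")  # placeholder path
    print("published:", publish_to_zone_file(zone_path, build_txt_rr(domain, token)))
    try:
        import dns.resolver  # dnspython, optional (assumed API: resolve(name, "TXT"))
    except ImportError:
        return 0  # no resolver library: rely on certbot's own pre-validation check

    def lookup(name):
        try:
            return [b"".join(r.strings).decode() for r in dns.resolver.resolve(name, "TXT")]
        except Exception:  # NXDOMAIN, timeout, etc. all mean "not visible yet"
            return []

    return 0 if wait_until_visible(challenge_name(domain), token, lookup) else 1


if __name__ == "__main__":
    sys.exit(main())
```

With a hook like this in place, renewal becomes `./certbot-auto renew --manual-auth-hook /path/to/hook.py` (a matching --manual-cleanup-hook can remove the record afterwards), which can be run from cron well before the 90 days expire.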