Error for renew ssl certificate

Dear sir,
I tried to renew my SSL certificate but I received the below error:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for westad-m.com
dns-01 challenge for westad-m.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. westad-m.com (dns-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: No TXT record found at _acme-challenge.westad-m.com, westad-m.com (dns-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: No TXT record found at _acme-challenge.westad-m.com
IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: westad-m.com
    Type: unauthorized
    Detail: No TXT record found at _acme-challenge.westad-m.com

    Domain: westad-m.com
    Type: unauthorized
    Detail: No TXT record found at _acme-challenge.westad-m.com

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

Which version of certbot are you using?

You appear to be trying to use manual DNS validation. This involves creating a specific TXT record in your DNS control panel, which you haven't done.

1 Like

Thanks for your reply, and the certbot version: certbot 0.27.0

Manual DNS authentication requires you to manually create the required TXT record in your DNS zone ("_acme-challenge.westad-m.com").
Then you may need to wait until all your authoritative DNS servers are in sync before proceeding.
Try checking them first with:
nslookup -q=txt _acme-challenge.westad-m.com ns1.contabo.net
nslookup -q=txt _acme-challenge.westad-m.com ns2.contabo.net
nslookup -q=txt _acme-challenge.westad-m.com ns3.contabo.net

1 Like

Thanks for your reply, and I created the TXT record in my DNS zone as below:
Server: ns1.contabo.net
Address: 79.143.182.242#53
_acme-challenge.westad-m.com text = "ns2.contabo.net"
_acme-challenge.westad-m.com text = "ns3.contabo.net"
_acme-challenge.westad-m.com text = "ns1.contabo.net"

But I received the below error:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for westad-m.com
dns-01 challenge for westad-m.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. westad-m.com (dns-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect TXT record "ns2.contabo.net" (and 2 more) found at _acme-challenge.westad-m.com, westad-m.com (dns-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect TXT record "ns3.contabo.net" (and 2 more) found at _acme-challenge.westad-m.com
IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: westad-m.com
    Type: unauthorized
    Detail: Incorrect TXT record "ns2.contabo.net" (and 2 more) found
    at _acme-challenge.westad-m.com

    Domain: westad-m.com
    Type: unauthorized
    Detail: Incorrect TXT record "ns3.contabo.net" (and 2 more) found
    at _acme-challenge.westad-m.com

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

No, the app should be asking you to create the TXT record with a value like EtG3sadsl5_PhDC0zCib7MCdeWldZu3y8HUc6P6mdPw, so your TXT record name is correct but the value is wrong, and it will change every time you go to renew your certificate.

If you can't see the TXT record value you're supposed to be using when you run certbot, consider just using http validation instead or upgrading your (old) version of certbot.

1 Like
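
A pre-check for the two failures seen in this thread, as an added example that is not part of any post and is not certbot's own code: it reads nslookup output, tells "no TXT record" apart from "wrong TXT value", and rejects an expected value that cannot be a dns-01 value at all (such as a nameserver hostname). The function names are hypothetical, the sample answers are constructed from the output and the example value quoted above, and the parser assumes the `text = "..."` line format shown in the thread.

```shell
#!/bin/sh
# Added example (not certbot code): pre-check a manual dns-01 TXT record.

# A dns-01 TXT value is an unpadded base64url SHA-256 digest (RFC 8555):
# exactly 43 characters from A-Z a-z 0-9 _ -
is_dns01_value() {
    [ "${#1}" -eq 43 ] || return 1
    case $1 in *[!A-Za-z0-9_-]*) return 1 ;; esac
}

# Print the quoted TXT strings found in nslookup output read from stdin.
txt_values() {
    sed -n 's/.*text = "\([^"]*\)".*/\1/p'
}

# check_answer EXPECTED < nslookup-output
# 0 = EXPECTED is published, 1 = TXT records exist but none match
# ("Incorrect TXT record"), 2 = EXPECTED is not a plausible dns-01 value,
# 3 = no TXT record in the answer ("No TXT record found").
check_answer() {
    is_dns01_value "$1" || return 2
    _vals=$(txt_values)
    [ -n "$_vals" ] || return 3
    printf '%s\n' "$_vals" | grep -Fxq -e "$1" || return 1
}

# check_all NAME EXPECTED NS... : query every authoritative server in turn.
check_all() {
    _name=$1 _want=$2 _bad=0
    shift 2
    for _ns in "$@"; do
        _rc=0
        nslookup -q=txt "$_name" "$_ns" 2>/dev/null | check_answer "$_want" || _rc=$?
        echo "$_ns: status $_rc"
        [ "$_rc" -eq 0 ] || _bad=1
    done
    return "$_bad"
}

# Constructed samples: the answer shown in the thread, and a correct one.
SAMPLE_WRONG='_acme-challenge.westad-m.com text = "ns2.contabo.net"
_acme-challenge.westad-m.com text = "ns3.contabo.net"'
SAMPLE_OK='_acme-challenge.westad-m.com text = "EtG3sadsl5_PhDC0zCib7MCdeWldZu3y8HUc6P6mdPw"'

# Usage: sh check.sh _acme-challenge.westad-m.com VALUE ns1.contabo.net ns2.contabo.net ns3.contabo.net
if [ "$#" -ge 3 ]; then check_all "$@"; fi
```

Run it with the value certbot prints for the current attempt, and only let certbot continue once every listed nameserver reports status 0.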
