Error generating Certificate

I am getting the following error:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate for amazingzoology.com and *.amazingzoology.com

Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
Domain: amazingzoology.com
Type: unauthorized
Detail: Incorrect TXT record "_acme-challenge.amazingzoology.com" found at _acme-challenge.amazingzoology.com

Domain: amazingzoology.com
Type: unauthorized
Detail: Incorrect TXT record "_acme-challenge.amazingzoology.com" found at _acme-challenge.amazingzoology.com

Hint: The Certificate Authority failed to verify the DNS TXT records created by the --manual-auth-hook. Ensure that this hook is functioning correctly and that it waits a sufficient duration of time for DNS propagation. Refer to "certbot --help manual" and the Certbot User Guide.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My domain is: amazingzoology.com
My web server is (include version): Apache
The operating system my web server runs on is (include version): Ubuntu 24
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Virtualmin

Has it ever worked or is this your first time trying to use DNS domain validation?

I notice that if I query DNS I get an unusual response which suggests you might be doing something manually:

_acme-challenge.amazingzoology.com -t TXT

; <<>> DiG 9.18.30-0ubuntu0.24.04.2-Ubuntu <<>> _acme-challenge.amazingzoology.com -t TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1709
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;_acme-challenge.amazingzoology.com. IN TXT

;; ANSWER SECTION:
_acme-challenge.amazingzoology.com. 300 IN TXT  "_acme-challenge.amazingzoology.com"

The answer value would normally be a string of random-looking letters and numbers which is your system's "challenge response", like
_acme-challenge.amazingzoology.com. 300 IN TXT "abcd123weihqweihaefougsdfoghfdg"

Usually for DNS validation this value would be set automatically by the software you are using.

2 Likes

It was working, and today I got a notification saying that the SSL certificate has expired. Then I tried manual installation using the Virtualmin interface. Getting the same error since.

  • What does this manual installation process involve? Are you following a guide or guessing? It's different for every software - it's possibly/likely that nobody who regularly offers advice here knows how Virtualmin works, but we can tell you how DNS validation normally works generally, if you need to know that.
  • Where is your DNS hosted, and how is it being updated to answer the ACME challenge?
  • Did you perform a manual change to DNS last time you got a certificate?
2 Likes

Thank you @webprofusion for the quick response.
The problem is solved.
I have been trying to request a wildcard certificate with DNS hosted elsewhere.

1 Like