Error to certificate - Incorrect TXT record

It gives me this error. I already added the acme record to the DNS and waited for propagation, but it still gives an error.

Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
Domain: withx.domain.com
Type: unauthorized
Detail: Incorrect TXT record "oitD_Tswcf8fGgU_w_ggET1iHNFrb076-Kgjrz3b2F85Yp6jgjCIO8" found at _acme-challenge.withx.domain.com

Domain: withx.domain.com
Type: unauthorized
Detail: Incorrect TXT record "oitD_TNwcf8fGgU_w_ggET1iHNFrb076-Kgjrz3b2F85Yp6jgjCIO8" found at _acme-challenge.withx.domain.com

Hint: The Certificate Authority failed to verify the DNS TXT records created by the --manual-auth-hook. Ensure that this hook is functioning correctly and that it waits a sufficient duration of time for DNS propagation. Refer to "certbot --help manual" and the Certbot User Guide.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
root@saas:/etc/apache2/sellyoursaas-enabled#

Command executed:

certbot certonly -n --manual-public-ip-logging-ok --server https://acme-v02.api.letsencrypt.org/directory --agree-tos --manual --preferred-challenges=dns --manual-auth-hook /home/admin/wwwroot/dolibarr_sellyoursaas/scripts/letsencrypt_authenticator.sh -d "*.with.domain.com,with.domain.com" -m agp@unboxerp.com --deploy-hook "systemctl restart apache2"

1 Like

I hope you can read English. Is that TXT record still there? Because I don't see it. See the unboundtest tool, which looks up DNS records similarly to Let's Encrypt.

I see the name servers are in AWS Route53. Is that where you added the TXT records?

4 Likes

I CREATE THEM IN WHM WHERE I HAVE THE DOMAIN BUT SERVER THEM IF I HAVE THEM IN AWS

I CHANGE THE ONES IT ASKED ME FOR, I CHECK THE PROPAGATION SINCE THEY ARE PROPAGATED, I RUN THE COMMAND AGAIN AND IT MARKS ME AN ERROR AND IT GENERATES NEW ONES,

BUT IF YOU SEE ME WHAT I PUT BEFORE

1 Like

How did you check? Because I don't see any TXT records (below). Did you see them in unboundtest? If so, what domain name did you use?

dig TXT +short _acme-challenge.withx.domain.com
dig A   +short withx.domain.com
dig A   +short domain.com
18.221.195.49
4 Likes

Oh, I understand. That was not your real domain name.

I see two problems. One, your DNS name servers are not configured properly. See the dnsviz test site. It shows your authoritative name servers don't match your delegation set. Let's Encrypt uses the authoritative name servers.

The second problem is those two values should show up as separate lines. You need to enter them differently. Check with your DNS system.

Example using unboundtest:
Yours:

_acme-challenge.withx.unboxcrm.com.	0	IN	TXT	"RIhOFGyfKAHo4d54o3anqpq7Qkhzt_0uBz02s_IgbQg" "MF6Yys7DMXaQgvVk2f0ZhRngLNS_4hcqVh51jAIKB3M"

Should look like:

_acme-challenge.withx.unboxcrm.com.	0	IN	TXT	"Value1"
_acme-challenge.withx.unboxcrm.com.	0	IN	TXT	"Value2"
4 Likes
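
Added example, not part of the original posts: a small Python check for the formatting problem described in the post above, run over dig/unboundtest-style TXT output. It relies on the fact that the strings inside one TXT record are joined into a single value before comparison, and that a DNS-01 value is always 43 base64url characters; the record name and the two values are constructed placeholders.

```python
import re
import shlex

# A DNS-01 value is an unpadded base64url SHA-256 digest: always 43 characters.
TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]{43}$")


def parse_txt_rrset(zone_text):
    """Return one list of character-strings per TXT record in the output."""
    records = []
    for line in zone_text.splitlines():
        fields = shlex.split(line)  # honours the quotes around each string
        if "TXT" in fields:
            records.append(fields[fields.index("TXT") + 1:])
    return records


def check_challenge(zone_text, expected):
    """Compare the values a validator would see with the expected ones."""
    records = parse_txt_rrset(zone_text)
    # Strings inside ONE record are concatenated into a single value.
    seen = ["".join(strings) for strings in records]
    # A record holding several token-shaped strings is two values merged.
    merged = [s for s in records
              if len(s) > 1 and all(TOKEN_RE.match(x) for x in s)]
    return {
        "seen": seen,
        "missing": [v for v in expected if v not in seen],
        "merged_records": merged,
    }


# Constructed sample data (placeholders, not real challenge values).
V1, V2 = "A" * 43, "B" * 43
NAME = "_acme-challenge.example.com."
BAD = f'{NAME}\t0\tIN\tTXT\t"{V1}" "{V2}"\n'
GOOD = f'{NAME}\t0\tIN\tTXT\t"{V1}"\n{NAME}\t0\tIN\tTXT\t"{V2}"\n'

if __name__ == "__main__":
    for label, text in (("one record, two strings", BAD),
                        ("two records", GOOD)):
        print(label, check_challenge(text, [V1, V2]))
```
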

I don't see any change to your TXT format. unboundtest.com still shows both values on the same line.
https://unboundtest.com/m/TXT/_acme-challenge.withx.unboxcrm.com/T3Y2CSF4

You could try asking whoever provides that panel how to do it.

On my system you enter both values in the same box but on separate lines. That is, paste in the first value, press enter to get a new line and paste the second value.

Maybe in your system you need to enter two records with the same _acme-challenge.withx.unboxcrm.com name with just a single value in each box. I do not know. You will have to experiment or ask your panel provider for advice until it looks like my sample in unboundtest from post #7.

What does that manual-auth-hook do? Does it update the DNS records? If so, as a test remove that option from the certbot command. Certbot will pause and show you the values.
Then, put the values in your DNS manually until you know the method that works. Then find out how to get the script to do the same thing.

4 Likes

Maybe the CAPS LOCK key got stuck and is interfering.
It is definitely interfering with my understanding, I can't read ALL CAPS well.

3 Likes
