Error with DNS challenge renewal of www domain name

Hi to all, I am trying to renew my certificate… but for some reason I cannot make it work for the www portion of the domain. It does work for non-www.
Have tried adding the _acme-challenge.www but for some reason it does not work…
Any help is much appreciated. Thanks to everyone!

My domain is:

granel.uy

I ran this command:

sudo certbot -d granel.uy -d www.granel.uy --manual --preferred-challenges dns certonly

It produced this output:

Challenge failed for domain www.granel.uy
dns-01 challenge for www.granel.uy
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: www.granel.uy
    Type: dns
    Detail: DNS problem: NXDOMAIN looking up TXT for
    _acme-challenge.www.granel.uy - check that a DNS record exists for
    this domain

My web server is: Nginx 1.16.1

The operating system my web server runs on is (include version): CentOS 7

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

3 Likes

Hi @graneladmin

checking your current domain (there are older checks with some wrong TXT entries) that looks … unclear - see https://check-your-website.server-daten.de/?q=granel.uy#txt

If you want to create one certificate with the non-www and the www domain name, the two marked entries are required.

So that looks good.

If you want to create one certificate with the main domain and a wildcard, two entries with the first domain name are required. So there are too many entries.

But: If two entries are correct, it should work.

So remove the other entries, start Certbot again, update both entries, recheck your domain.

If the result is ok, confirm.

Some older checks (some weeks old) had some wrong entries, but now all entries have a “looks good”.

3 Likes

Million thanks. Indeed it solved the issue.
I did the exact same steps you suggested:

  1. Removed previous TXT records.
  2. Issued the certbot command again.

The only difference this time is that I waited longer for propagation (around 15 minutes), and before hitting ENTER after Certbot asked to create the TXT entry, I verified that the website ( https://check-your-website.server-daten.de ) was able to confirm the TXT entry.

Thanks again.
Cannot put into words how much you have helped me out.

Best wishes from Uruguay,

regards,
Felipe

4 Likes
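
The pre-check described in the last post (confirm the TXT entry is visible before pressing ENTER), as an added example that is not part of the original thread. It assumes `dig` is installed; the function names and the script name are hypothetical, and the token is whatever value Certbot prints for the record.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): confirm the dns-01 TXT record is served
# by every authoritative nameserver before pressing ENTER in certbot --manual.

# Record name certbot asks for; a wildcard (*.example) validates on the base name.
challenge_name() {
    local d
    d=${1#\*.}
    printf '_acme-challenge.%s\n' "${d%.}"
}

# Reads `dig +short TXT` output on stdin (one quoted string per line) and
# succeeds only if one value equals the expected token exactly.
txt_has_token() {
    local want="$1" line
    while IFS= read -r line; do
        line=${line#\"}; line=${line%\"}
        [ "$line" = "$want" ] && return 0
    done
    return 1
}

# Ask each authoritative server directly, bypassing resolver caches.
# Returns non-zero if any server lacks the token or no NS could be found.
check_propagation() {
    local zone="$1" domain="$2" token="$3" name ns seen=0 missing=0
    name=$(challenge_name "$domain")
    for ns in $(dig +short NS "$zone"); do
        seen=1
        if dig +short TXT "$name" "@$ns" | txt_has_token "$token"; then
            echo "ok       $ns"
        else
            echo "MISSING  $ns"; missing=1
        fi
    done
    [ "$seen" -eq 1 ] && [ "$missing" -eq 0 ]
}

# Usage: ./check-txt.sh granel.uy www.granel.uy '<token printed by certbot>'
if [ "$#" -eq 3 ]; then
    check_propagation "$@"
fi
```

A stale TXT value left over from an earlier attempt does not satisfy the exact match, which is why removing old entries first gives a clean result.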