Failed authorization procedure

Hello, I'm having issues renewing my expired cert.

Instance: AWS EC2

Hosting: GoDaddy

Version: certbot 0.31.0

Error msg:
Press Enter to Continue
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. wardwebdev.com (dns-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect TXT record "-4MQMvzekQSAu2p47EuX9J9Q7tCEF3J1Tyurnjgag1I" (and 1 more) found at _acme-challenge.wardwebdev.com, wardwebdev.com (dns-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect TXT record "fL35ZmSPT6C0qwq3OKHA5RJHnbSOEYeQD05NRvB2CeY" (and 1 more) found at _acme-challenge.wardwebdev.com

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: wardwebdev.com
    Type: unauthorized
    Detail: Incorrect TXT record
    "-4MQMvzekQSAu2p47EuX9J9Q7tCEF3J1Tyurnjgag1I" (and 1 more) found at
    _acme-challenge.wardwebdev.com

    Domain: wardwebdev.com
    Type: unauthorized
    Detail: Incorrect TXT record
    "fL35ZmSPT6C0qwq3OKHA5RJHnbSOEYeQD05NRvB2CeY" (and 1 more) found at
    _acme-challenge.wardwebdev.com

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

1 Like

Welcome to the community @majortom84

Based on your cert history it looks like you do manual renewals. That is, the renewals are not on a set schedule.

I see two TXT records for your domain but they are not the ones needed by the current challenge. If you are doing manual renewals you need to manually update the TXT records. Or, fix the DNS challenge so that it auto-renews.

If you need help with that, show the certbot command that failed. If it was just renew, then show the contents of the renewal conf file for the domain in:

/etc/letsencrypt/renewal/
3 Likes

How can I view my TXT records to see if they have updated?

1 Like

This tool uses a similar method to what Let's Encrypt uses for that:
https://unboundtest.com/

I used that to look up your TXT records and saw what you showed in post #1:
https://unboundtest.com/m/TXT/_acme-challenge.wardwebdev.com/JSDFIIO3

You could try adding --debug-challenges -v to your certbot command for more info.

3 Likes
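
Added example, not part of the original thread or any poster's code: one way to confirm that every authoritative nameserver already serves the new challenge values before pressing Enter at the certbot prompt. The function names `missing_txt` and `check_all_ns` and the `PLACEHOLDER` values are assumptions made for illustration; the stale values are the two quoted in the error in post #1.

```bash
# Added example (not from the thread). Function names are hypothetical.

# missing_txt EXPECTED...  (reads `dig +short TXT` output on stdin)
# Prints each expected value that is absent; returns 0 only if none is missing.
missing_txt() {
    local answers want rc
    rc=0
    answers=$(tr -d '"\r')
    for want in "$@"; do
        # -F literal, -x whole line; `--` because ACME values may start with "-"
        if ! printf '%s\n' "$answers" | grep -Fxq -- "$want"; then
            printf '%s\n' "$want"
            rc=1
        fi
    done
    return "$rc"
}

# check_all_ns DOMAIN EXPECTED...
# Asks every authoritative nameserver directly, so resolver caches are bypassed.
check_all_ns() {
    local domain ns rc
    domain="$1"; rc=0
    shift
    for ns in $(dig +short NS "$domain"); do
        if dig +short TXT "_acme-challenge.$domain" "@$ns" | missing_txt "$@" >/dev/null; then
            echo "$ns: ready"
        else
            echo "$ns: challenge value(s) not published yet"
            rc=1
        fi
    done
    return "$rc"
}

# Stale answer: the two values quoted in the error in post #1.
STALE_ANSWER='"-4MQMvzekQSAu2p47EuX9J9Q7tCEF3J1Tyurnjgag1I"
"fL35ZmSPT6C0qwq3OKHA5RJHnbSOEYeQD05NRvB2CeY"'
# Constructed placeholders standing in for the values certbot prints at the prompt.
NEW_A='PLACEHOLDER-new-challenge-value-A'
NEW_B='PLACEHOLDER-new-challenge-value-B'
FRESH_ANSWER="\"$NEW_A\"
\"$NEW_B\""

if printf '%s\n' "$STALE_ANSWER" | missing_txt "$NEW_A" "$NEW_B" >/dev/null; then
    echo "safe to press Enter"
else
    echo "stale records still served: wait before pressing Enter"
fi
```

Against live DNS, `check_all_ns wardwebdev.com "<value 1>" "<value 2>"` exits 0 only when every nameserver returns both values.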

It was GoDaddy. Took forever for the TXT record to populate with the new variables.

I had to have them "flush" it. Like a restart.

2 Likes
