My domain is: markert.live
I ran this command:
sudo certbot certonly --dns-rfc2136 --dns-rfc2136-credentials /etc/letsencrypt/dns_rfc2136_credentials.ini -d markert.live -d '*.markert.live'
It produced this output:
Requesting a certificate for markert.live and *.markert.live
Waiting 60 seconds for DNS changes to propagate
Certbot failed to authenticate some domains (authenticator: dns-rfc2136). The Certificate Authority reported these problems:
Domain: markert.live
Type: unauthorized
Detail: No TXT record found at _acme-challenge.markert.live
Domain: markert.live
Type: unauthorized
Detail: No TXT record found at _acme-challenge.markert.live
Hint: The Certificate Authority failed to verify the DNS TXT records created by --dns-rfc2136. Ensure the above domains are hosted by this DNS provider, or try increasing --dns-rfc2136-propagation-seconds (currently 60 seconds).
My web server is (include version):
n/a (but I can install nginx if required)
The operating system my web server runs on is (include version):
Debian 12
My hosting provider, if applicable, is:
Hostinger
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
2.1.0
P.S. the output of letsencrypt.log is:
2025-09-23 05:14:36,574:DEBUG:certbot._internal.main:certbot version: 2.1.0
2025-09-23 05:14:36,575:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2025-09-23 05:14:36,575:DEBUG:certbot._internal.main:Arguments: ['--dns-rfc2136', '--dns-rfc2136-credentials', '/etc/letsencrypt/dns_rfc2136_credentials.ini', '-d', 'markert.live', '-d', '*.markert.live']
2025-09-23 05:14:36,575:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#dns-rfc2136,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2025-09-23 05:14:36,603:DEBUG:certbot._internal.log:Root logging level set at 30
2025-09-23 05:14:36,605:DEBUG:certbot._internal.plugins.selection:Requested authenticator dns-rfc2136 and installer None
2025-09-23 05:14:36,606:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * dns-rfc2136
Description: Obtain certificates using a DNS TXT record (if you are using BIND for DNS).
Interfaces: Authenticator, Plugin
Entry point: dns-rfc2136 = certbot_dns_rfc2136._internal.dns_rfc2136:Authenticator
Initialized: <certbot_dns_rfc2136._internal.dns_rfc2136.Authenticator object at 0x7f2f1990f090>
Prep: True
2025-09-23 05:14:36,607:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_dns_rfc2136._internal.dns_rfc2136.Authenticator object at 0x7f2f1990f090> and installer None
2025-09-23 05:14:36,607:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator dns-rfc2136, Installer None
2025-09-23 05:14:36,820:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/2678457611', new_authzr_uri=None, terms_of_service=None), e78b4f04e90df860b2ddb9b204cc7b4a, Meta(creation_dt=datetime.datetime(2025, 9, 23, 0, 0, 43, tzinfo=<UTC>), creation_host='vmhomeserver.local.markert.live', register_to_eff=None))>
2025-09-23 05:14:36,822:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2025-09-23 05:14:36,825:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2025-09-23 05:14:38,025:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 995
2025-09-23 05:14:38,027:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 23 Sep 2025 05:14:37 GMT
Content-Type: application/json
Content-Length: 995
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"profiles": {
"classic": "https://letsencrypt.org/docs/profiles#classic",
"shortlived": "https://letsencrypt.org/docs/profiles#shortlived (not yet generally available)",
"tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver"
},
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-v02.api.letsencrypt.org/acme/renewal-info",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert",
"xULanfNg86w": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417"
}
2025-09-23 05:14:38,028:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for markert.live and *.markert.live
2025-09-23 05:14:38,036:DEBUG:certbot.crypto_util:Generating ECDSA key (2048 bits): /etc/letsencrypt/keys/0041_key-certbot.pem
2025-09-23 05:14:38,043:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0041_csr-certbot.pem
2025-09-23 05:14:38,046:DEBUG:acme.client:Requesting fresh nonce
2025-09-23 05:14:38,047:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2025-09-23 05:14:38,345:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2025-09-23 05:14:38,346:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 23 Sep 2025 05:14:38 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: JV8I8jm1Dg6nfeCA8aHx09si56v26EcmjcT3XiQsvJbQmlZzcps
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
2025-09-23 05:14:38,347:DEBUG:acme.client:Storing nonce: JV8I8jm1Dg6nfeCA8aHx09si56v26EcmjcT3XiQsvJbQmlZzcps
2025-09-23 05:14:38,348:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "markert.live"\n },\n {\n "type": "dns",\n "value": "*.markert.live"\n }\n ]\n}'
2025-09-23 05:14:38,357:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjY3ODQ1NzYxMSIsICJub25jZSI6ICJKVjhJOGptMURnNm5mZUNBOGFIeDA5c2k1NnYyNkVjbWpjVDNYaVFzdkpiUW1sWnpjcHMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
"signature": "bJXQ9VW0UXxMCcuH4GH55gXbzXffKy2nE88P1W_JgtvaFFGHME5mNSeBvCNaNTP0wOM9LK25ZRs6YX9sE2TL0HedCOCMdZ5rICDIaSh4okIpK3qRBZ1KPwjezRX1pwPmIR0cbY8bpTA6C3OFb8uZsmX8OFEGYhYgzc-wXTN1dV4oENHilfMX44LCFmlOoAi-HdwMb6Yw2aNJzopPPp3QozJRcKY2P_dOpQx3g_evvXdWIfsOyUiKOAz_vokjVxup946qRIxKbSMnhkLDS2XWhAKlscUQrVQ75qNe0xJrVN77AwmXeUmtysdvT7R3W7vBeAcfIjJcJWsUmqB4kTUlzg",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIm1hcmtlcnQubGl2ZSIKICAgIH0sCiAgICB7CiAgICAgICJ0eXBlIjogImRucyIsCiAgICAgICJ2YWx1ZSI6ICIqLm1hcmtlcnQubGl2ZSIKICAgIH0KICBdCn0"
}
2025-09-23 05:14:38,819:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 491
2025-09-23 05:14:38,820:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Tue, 23 Sep 2025 05:14:38 GMT
Content-Type: application/json
Content-Length: 491
Connection: keep-alive
Boulder-Requester: 2678457611
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/2678457611/430932893451
Replay-Nonce: qRkKkMTFl62FnJcgqnFFUiD5ltNtwhqRLFsUVMZpcqYZ3Gc7LhA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"status": "pending",
"expires": "2025-09-30T05:14:38Z",
"identifiers": [
{
"type": "dns",
"value": "*.markert.live"
},
{
"type": "dns",
"value": "markert.live"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz/2678457611/587574071981",
"https://acme-v02.api.letsencrypt.org/acme/authz/2678457611/587574072111"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/2678457611/430932893451"
}
2025-09-23 05:14:38,820:DEBUG:acme.client:Storing nonce: qRkKkMTFl62FnJcgqnFFUiD5ltNtwhqRLFsUVMZpcqYZ3Gc7LhA
2025-09-23 05:14:38,821:DEBUG:acme.client:JWS payload:
b''
2025-09-23 05:14:38,826:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/2678457611/587574071981:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjY3ODQ1NzYxMSIsICJub25jZSI6ICJxUmtLa01URmw2MkZuSmNncW5GRlVpRDVsdE50d2hxUkxGc1VWTVpwY3FZWjNHYzdMaEEiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzI2Nzg0NTc2MTEvNTg3NTc0MDcxOTgxIn0",
"signature": "BhUW09h3-71G1LTsvgVGbuK4BgZXUHhvlMmh5huwPWWIrs38kBHJv0UfOo4EG9erOooL8FukTF_XS1HVWlSdykfS40YrZtf1-CDSW5dQN2sMNZHdVUVaOImD280zlLM95PCNTwrQGfWd_jJiZl2pJnrHaHSN6FFaIAKefbU0MuPfJC5lp7RsyRKfHWgE_SojK79T1MGKZlg_6jylswdq9B3dU7yeMyDhUYpAUj3ZNovLVOUBeW2So0OQ3MGkTl5HPg5JSDuPCX4R9inREDpR6mzHMXd7XN_32LANZo1R2pSKqqMZkslJIOOM_sZZWg5aCOqApRiu3UliIn8z9tMluQ",
"payload": ""
}
2025-09-23 05:14:39,136:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/2678457611/587574071981 HTTP/1.1" 200 394
2025-09-23 05:14:39,138:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 23 Sep 2025 05:14:38 GMT
Content-Type: application/json
Content-Length: 394
Connection: keep-alive
Boulder-Requester: 2678457611
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: qRkKkMTFeuL7GdPJ068SvbfoD0aq-9r43L8gMiUKU168xEbbBaI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "markert.live"
},
"status": "pending",
"expires": "2025-09-30T05:14:38Z",
"challenges": [
{
"type": "dns-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/2678457611/587574071981/uWUVZw",
"status": "pending",
"token": "jrtDLRpTkiTVLQN6nCJVj5e6n0rPVzMQ3deNtdkFQQc"
}
],
"wildcard": true
}
2025-09-23 05:14:39,138:DEBUG:acme.client:Storing nonce: qRkKkMTFeuL7GdPJ068SvbfoD0aq-9r43L8gMiUKU168xEbbBaI
2025-09-23 05:14:39,139:DEBUG:acme.client:JWS payload:
b''
2025-09-23 05:14:39,145:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/2678457611/587574072111:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjY3ODQ1NzYxMSIsICJub25jZSI6ICJxUmtLa01URmV1TDdHZFBKMDY4U3ZiZm9EMGFxLTlyNDNMOGdNaVVLVTE2OHhFYmJCYUkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzI2Nzg0NTc2MTEvNTg3NTc0MDcyMTExIn0",
"signature": "dSuZT1OvpqrCIslXQJG8ZouiPECdiuzZBSmWiyhA0URO8mD_LY0gWLfP5sVxRYTpE40WKXK6NxNN88Wxx4iVdvv2c92X-aOYecnZLxpP0W0C7J8vFj0UMYw0-lgNMzvBfkaFclynXIGgPoBn6fCDPG4DRc-MQ9Sz_pCOep0AIYWDXfvvGT-01n__9BSbt_0JgU2DD24MggX4RWd1qbiiXcTxGla_T1xSTZaS1XZS3qT_YkeWu1GZxHZ3FAEeSbZu9zYhGVjE0xQzVQGpeQDbgaPdvuS05vS3SErMV2Bd1vCB7GfhDo7yOV8WO7rxblV9TiOMiWvN5t3Vn9ug0xqc_g",
"payload": ""
}
2025-09-23 05:14:39,990:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/2678457611/587574072111 HTTP/1.1" 200 820
2025-09-23 05:14:39,991:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 23 Sep 2025 05:14:39 GMT
Content-Type: application/json
Content-Length: 820
Connection: keep-alive
Boulder-Requester: 2678457611
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: JV8I8jm1DOwNjcAIsoz5SCmfnGQA1fOeF0D-sNzOrQ8mv--I-yw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "markert.live"
},
"status": "pending",
"expires": "2025-09-30T05:14:38Z",
"challenges": [
{
"type": "dns-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/2678457611/587574072111/Mc_rnA",
"status": "pending",
"token": "v31debSX76sqyvTPe3DSL4X8LIeOBtFOx2PLg68m40A"
},
{
"type": "tls-alpn-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/2678457611/587574072111/Vf1P4Q",
"status": "pending",
"token": "v31debSX76sqyvTPe3DSL4X8LIeOBtFOx2PLg68m40A"
},
{
"type": "http-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/2678457611/587574072111/Eg2GyA",
"status": "pending",
"token": "v31debSX76sqyvTPe3DSL4X8LIeOBtFOx2PLg68m40A"
}
]
}
2025-09-23 05:14:39,991:DEBUG:acme.client:Storing nonce: JV8I8jm1DOwNjcAIsoz5SCmfnGQA1fOeF0D-sNzOrQ8mv--I-yw
2025-09-23 05:14:39,993:INFO:certbot._internal.auth_handler:Performing the following challenges:
2025-09-23 05:14:39,993:INFO:certbot._internal.auth_handler:dns-01 challenge for markert.live
2025-09-23 05:14:39,994:INFO:certbot._internal.auth_handler:dns-01 challenge for markert.live
2025-09-23 05:14:39,994:WARNING:certbot.plugins.dns_common:Unsafe permissions on credentials configuration file: /etc/letsencrypt/dns_rfc2136_credentials.ini
2025-09-23 05:14:40,009:DEBUG:certbot_dns_rfc2136._internal.dns_rfc2136:Received authoritative SOA response for _acme-challenge.markert.live
2025-09-23 05:14:40,028:DEBUG:certbot_dns_rfc2136._internal.dns_rfc2136:Successfully added TXT record _acme-challenge.markert.live
2025-09-23 05:14:40,037:DEBUG:certbot_dns_rfc2136._internal.dns_rfc2136:Received authoritative SOA response for _acme-challenge.markert.live
2025-09-23 05:14:40,051:DEBUG:certbot_dns_rfc2136._internal.dns_rfc2136:Successfully added TXT record _acme-challenge.markert.live
2025-09-23 05:14:40,052:DEBUG:certbot._internal.display.obj:Notifying user: Waiting 60 seconds for DNS changes to propagate
2025-09-23 05:15:40,055:DEBUG:acme.client:JWS payload:
b'{}'
2025-09-23 05:15:40,064:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall/2678457611/587574071981/uWUVZw:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjY3ODQ1NzYxMSIsICJub25jZSI6ICJKVjhJOGptMURPd05qY0FJc296NVNDbWZuR1FBMWZPZUYwRC1zTnpPclE4bXYtLUkteXciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLzI2Nzg0NTc2MTEvNTg3NTc0MDcxOTgxL3VXVVZadyJ9",
"signature": "O62CakNlbAFWtv3HVKL7odIoZz6wtSR36NN12lFuY5TesRf7hiG1DTkQgAzzgn04v6zkPcNabVCvC6lQFj9cZi3UUIMDL3HRqiP5iuQ5nJEwZuH_LadlV2AWTNyWpPWVHp0WMsbcvDhWEwTV0DGWznNd4fzsWIp2-mwScn0sas1QeGsedzzS35PDawIkw-u4GTzPrL3LqrSI_VMPDfOpwEW0b651jzrhw331T5tkDORPHaR7Lv9_EQxKnzoiBkVB2AwxnNL8IZhI4OYVg7lhanyk8SGISMJZLVLOIK5PXbdNLPUGMYevOoRwUUNvANk2DCn9jHC5y5yVNaWoAzBNkw",
"payload": "e30"
}
2025-09-23 05:15:40,400:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall/2678457611/587574071981/uWUVZw HTTP/1.1" 200 194
2025-09-23 05:15:40,402:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 23 Sep 2025 05:15:40 GMT
Content-Type: application/json
Content-Length: 194
Connection: keep-alive
Boulder-Requester: 2678457611
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz/2678457611/587574071981>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall/2678457611/587574071981/uWUVZw
Replay-Nonce: JV8I8jm1g_s4GyX_tDTFSD-t2CJkvcRV1aUr3wvsZYbFVQg-U1I
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"type": "dns-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/2678457611/587574071981/uWUVZw",
"status": "pending",
"token": "jrtDLRpTkiTVLQN6nCJVj5e6n0rPVzMQ3deNtdkFQQc"
}
2025-09-23 05:15:40,402:DEBUG:acme.client:Storing nonce: JV8I8jm1g_s4GyX_tDTFSD-t2CJkvcRV1aUr3wvsZYbFVQg-U1I
2025-09-23 05:15:40,404:DEBUG:acme.client:JWS payload:
b'{}'
2025-09-23 05:15:40,409:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall/2678457611/587574072111/Mc_rnA:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjY3ODQ1NzYxMSIsICJub25jZSI6ICJKVjhJOGptMWdfczRHeVhfdERURlNELXQyQ0prdmNSVjFhVXIzd3ZzWlliRlZRZy1VMUkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLzI2Nzg0NTc2MTEvNTg3NTc0MDcyMTExL01jX3JuQSJ9",
"signature": "cyljFKZJhdhtnoKrk5XK3XgMAyIYWY-4P8SNKzNAAFC9rr-9yYvzNls548Klv4V1duWo5NRcXQVUA7qsZV9zon5gCcz66zZlU_CsrELeAc2bD_6G7a8LbeILjwWdvWAU6F8hqI0zjg5_wHdCX6KGIs-yWzvpKyXvLgWI0ZXAWw3xA4ysKhzfnN2VzE2luOZPe2yBsVb8PgPNP9DCrALq3isqo4yMcVUxLEJ_ATxX9F0CNfecIicNI5hRIN3wq57CdHZFVbVknQOfYFWgjrKXYQ6EPaT1d7fy1SrCIJEjNP9EdCGuJMGcW9AwbJwscm1c1zktpDhFs2NazkJjcTF9hA",
"payload": "e30"
}
2025-09-23 05:15:41,030:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall/2678457611/587574072111/Mc_rnA HTTP/1.1" 200 194
2025-09-23 05:15:41,031:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 23 Sep 2025 05:15:40 GMT
Content-Type: application/json
Content-Length: 194
Connection: keep-alive
Boulder-Requester: 2678457611
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz/2678457611/587574072111>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall/2678457611/587574072111/Mc_rnA
Replay-Nonce: qRkKkMTFiSA8DgulnUm-C83GvHPaRoix5hZa7JUbzAclH50lBys
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"type": "dns-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/2678457611/587574072111/Mc_rnA",
"status": "pending",
"token": "v31debSX76sqyvTPe3DSL4X8LIeOBtFOx2PLg68m40A"
}
2025-09-23 05:15:41,032:DEBUG:acme.client:Storing nonce: qRkKkMTFiSA8DgulnUm-C83GvHPaRoix5hZa7JUbzAclH50lBys
2025-09-23 05:15:41,032:INFO:certbot._internal.auth_handler:Waiting for verification...
2025-09-23 05:15:42,033:DEBUG:acme.client:JWS payload:
b''
2025-09-23 05:15:42,038:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/2678457611/587574071981:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjY3ODQ1NzYxMSIsICJub25jZSI6ICJxUmtLa01URmlTQThEZ3VsblVtLUM4M0d2SFBhUm9peDVoWmE3SlViekFjbEg1MGxCeXMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzI2Nzg0NTc2MTEvNTg3NTc0MDcxOTgxIn0",
"signature": "rHHB4ERazmYFsvgODUjZzea1rb-SdHOSfp30sU1A1ArBKjRzyozdfQ23txqvJenb36Wc6YponacXiLRTzz5YYFCnSPnJvR7xglLrEG5S--1h0-1byAYG_E3J9DMDwaKjnWmRbPu91CncQHPODZj29jGrlt_dhDHkyYfpiasFoQhWuSd6uMQdGxwthLFvEe2nI04gE6L7nUklR6WFJNElhOUiTlqWAsDm6cCft2nIsSsfGcfvFTT0PvTU16nD1ts8LWCkk8TgRzjdJfpoutj2FH38VkNLdo_3RSi1Br_M5mBW27ptT5bF5lIGDIwvYDzeGc6Wox3ypqcAp8tNqUGhFw",
"payload": ""
}
2025-09-23 05:15:42,343:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/2678457611/587574071981 HTTP/1.1" 200 617
2025-09-23 05:15:42,344:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 23 Sep 2025 05:15:42 GMT
Content-Type: application/json
Content-Length: 617
Connection: keep-alive
Boulder-Requester: 2678457611
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: qRkKkMTFDHDzoibBVFrl9Gx28kgaqHOuYwbOvire_bXl1wnkp68
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "markert.live"
},
"status": "invalid",
"expires": "2025-09-30T05:14:38Z",
"challenges": [
{
"type": "dns-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/2678457611/587574071981/uWUVZw",
"status": "invalid",
"validated": "2025-09-23T05:15:40Z",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "No TXT record found at _acme-challenge.markert.live",
"status": 403
},
"token": "jrtDLRpTkiTVLQN6nCJVj5e6n0rPVzMQ3deNtdkFQQc"
}
],
"wildcard": true
}
2025-09-23 05:15:42,345:DEBUG:acme.client:Storing nonce: qRkKkMTFDHDzoibBVFrl9Gx28kgaqHOuYwbOvire_bXl1wnkp68
2025-09-23 05:15:42,346:DEBUG:acme.client:JWS payload:
b''
2025-09-23 05:15:42,351:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/2678457611/587574072111:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjY3ODQ1NzYxMSIsICJub25jZSI6ICJxUmtLa01URkRIRHpvaWJCVkZybDlHeDI4a2dhcUhPdVl3Yk92aXJlX2JYbDF3bmtwNjgiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzI2Nzg0NTc2MTEvNTg3NTc0MDcyMTExIn0",
"signature": "KbdtcMUbo4KUQg01Zg121JNJqYUMTm5AhC4AtieLfA91xGF1VTXyFSEOAWTlXjlMPpCZxJX0AmnntKJh4vadGrYixu-EJ9AzTzO06OlozEnS7fTmyKgSLgOHhVy9NGcWdaWqikaJigSmHz-cjSbQvdpU7CUUVEHEWMGi9UpOtqshFtq5e8r-N4NPoznkvszNunMzr_culOZ_j7CpFBAiFrpYKZ_6X0NaeLJ-4XF-q9hAqOoACT6iokUtGf1EfzojQ-zOobG8hKHO2yj-goD2bdzST6oJQ5Nuk9GWC7aXTkqLhOey04cw7EnFCBSF_QO7j5D5y2MOTif5q-qACf0F6A",
"payload": ""
}
2025-09-23 05:15:42,973:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/2678457611/587574072111 HTTP/1.1" 200 597
2025-09-23 05:15:42,974:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 23 Sep 2025 05:15:42 GMT
Content-Type: application/json
Content-Length: 597
Connection: keep-alive
Boulder-Requester: 2678457611
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: qRkKkMTF5dGcRBlSUEQRDO35-XLvAY4nCKsQK-oMknOIdUF8QNI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "markert.live"
},
"status": "invalid",
"expires": "2025-09-30T05:14:38Z",
"challenges": [
{
"type": "dns-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/2678457611/587574072111/Mc_rnA",
"status": "invalid",
"validated": "2025-09-23T05:15:40Z",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "No TXT record found at _acme-challenge.markert.live",
"status": 403
},
"token": "v31debSX76sqyvTPe3DSL4X8LIeOBtFOx2PLg68m40A"
}
]
}
2025-09-23 05:15:42,974:DEBUG:acme.client:Storing nonce: qRkKkMTF5dGcRBlSUEQRDO35-XLvAY4nCKsQK-oMknOIdUF8QNI
2025-09-23 05:15:42,975:INFO:certbot._internal.auth_handler:Challenge failed for domain markert.live
2025-09-23 05:15:42,976:INFO:certbot._internal.auth_handler:Challenge failed for domain markert.live
2025-09-23 05:15:42,976:INFO:certbot._internal.auth_handler:dns-01 challenge for markert.live
2025-09-23 05:15:42,976:INFO:certbot._internal.auth_handler:dns-01 challenge for markert.live
2025-09-23 05:15:42,977:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: dns-rfc2136). The Certificate Authority reported these problems:
Domain: markert.live
Type: unauthorized
Detail: No TXT record found at _acme-challenge.markert.live
Domain: markert.live
Type: unauthorized
Detail: No TXT record found at _acme-challenge.markert.live
Hint: The Certificate Authority failed to verify the DNS TXT records created by --dns-rfc2136. Ensure the above domains are hosted by this DNS provider, or try increasing --dns-rfc2136-propagation-seconds (currently 60 seconds).
2025-09-23 05:15:42,980:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 106, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 206, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2025-09-23 05:15:42,981:DEBUG:certbot._internal.error_handler:Calling registered functions
2025-09-23 05:15:42,981:INFO:certbot._internal.auth_handler:Cleaning up challenges
2025-09-23 05:15:42,994:DEBUG:certbot_dns_rfc2136._internal.dns_rfc2136:Received authoritative SOA response for _acme-challenge.markert.live
2025-09-23 05:15:43,010:DEBUG:certbot_dns_rfc2136._internal.dns_rfc2136:Successfully deleted TXT record _acme-challenge.markert.live
2025-09-23 05:15:43,017:DEBUG:certbot_dns_rfc2136._internal.dns_rfc2136:Received authoritative SOA response for _acme-challenge.markert.live
2025-09-23 05:15:43,031:DEBUG:certbot_dns_rfc2136._internal.dns_rfc2136:Successfully deleted TXT record _acme-challenge.markert.live
2025-09-23 05:15:43,032:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 33, in <module>
sys.exit(load_entry_point('certbot==2.1.0', 'console_scripts', 'certbot')())
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1736, in main
return config.func(config, plugins)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1590, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 138, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 516, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 428, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 106, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 206, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2025-09-23 05:15:43,039:ERROR:certbot._internal.log:Some challenges have failed.