Get wildcard for .app domain


I successfully obtained a wildcard certificate for by running this command:

sudo certbot -d * --manual --preferred-challenges dns certonly

I tried three times for the domain on the same server but it is not working:

sudo certbot -d * --manual --preferred-challenges dns certonly

It produced this output:
Please deploy a DNS TXT record under the name with the following value:


Before continuing, verify the record is deployed.

Press Enter to Continue
Waiting for verification...
Challenge failed for domain
dns-01 challenge for
Cleaning up challenges
Some challenges have failed.


  • The following errors were reported by the server:

    Type: dns
    Detail: DNS problem: NXDOMAIN looking up TXT for - check that a DNS record exists for this

My web server is (include version): nginx 1.18.0

The operating system my web server runs on is (include version): ubuntu 20.10

I can login to a root shell on my machine (yes or no, or I don't know): yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.7.0

Thank you for your help !


Where did you enter those TXT records?
Did you do it in your Azure DNS panel? Because doing an nslookup, I couldn't locate your TXT record under

Yes I know,

I flushed it this morning.

But when I was trying to continue with certbot, I can have the TXT record at home and at my workplace too. I have waited for many hours after that before continuing with certbot.

I have done the same steps as for my domain. That is why I don't understand.

I still don't see the record on my end.
I'm not sure what you have now...

Can you try to add a record under with a TXT value of "test"?

Yes it's done. I have added "test" as TXT record.

But don't forget what I said, I deleted the record this morning. That is why you don't see it.

The screenshot I attached is to show that the record existed when I continued the process with certbot.

Three times I have tried with the same result.

It was very easy with, but cannot proceed with

Thank you for your help !


Ohhh... Sorry, I was confused about what "flush" means in this case.

Checking the record, I still didn't see anything under TXT for that subdomain.

Can you confirm you did add it to the correct place?

I think I found out what's the issue.

You need to add the TXT validation record at _acme-challenge, not at @.

And some good news: since you are using Azure DNS, the easiest way for you to use DNS validation is to use certbot's Azure DNS API plugin (certbot-dns-azure on PyPI).
You'll be able to fully automate the renewal process for your certificate if you have a valid DNS plugin or hook, so you don't need to spend some time figuring out what to do next!


Ok thank you stevenzhu,

Appreciate your help !
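
The fix given in the thread (TXT record at _acme-challenge rather than at @), as an added example that is not part of the original posts or of certbot: it derives the record-set name to enter in a zone-relative DNS panel for a wildcard request and diagnoses a zone snapshot before the challenge is submitted. The domain example.app, the zone snapshots, the TXT value and all function names are assumptions made for illustration.

```python
# Added example: domain, zone contents and TXT value are constructed.

def challenge_fqdn(domain: str) -> str:
    """Name queried for dns-01: the wildcard label is dropped and
    _acme-challenge is prepended to the base domain."""
    name = domain.strip().rstrip(".").lower()
    if name.startswith("*."):
        name = name[2:]
    return "_acme-challenge." + name


def relative_record_name(domain: str, zone: str) -> str:
    """Record-set name for a DNS panel that takes names relative to the zone."""
    zone = zone.strip().rstrip(".").lower()
    fqdn = challenge_fqdn(domain)
    if not fqdn.endswith("." + zone):
        raise ValueError(f"{domain} is not inside zone {zone}")
    return fqdn[: -len(zone) - 1]


def diagnose(zone_txt: dict, domain: str, zone: str, expected: str) -> str:
    """zone_txt maps relative record-set names ('@' = zone apex) to TXT values."""
    rel = relative_record_name(domain, zone)
    values = zone_txt.get(rel)
    if values is None:
        # A lookup of the challenge name would fail here, as in the thread.
        if expected in zone_txt.get("@", []):
            return f"misplaced: value is at @, move it to {rel}"
        return f"missing: no TXT record set named {rel}"
    if expected not in values:
        return f"wrong-value: {rel} exists but lacks the expected value"
    return f"ok: {rel} holds the expected value"


ZONE = "example.app"                      # constructed zone name
VALUE = "constructed-validation-value"    # stands in for the value certbot prints
BROKEN = {"@": [VALUE]}                   # record created at the apex
FIXED = {"_acme-challenge": [VALUE]}      # record created where the CA looks

if __name__ == "__main__":
    for snapshot in (BROKEN, FIXED):
        print(diagnose(snapshot, "*.example.app", ZONE, VALUE))
```
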