Get wildcard for .app domain

Hi,

I successfully obtained a wildcard certificate for mftj.ca by running this command:

sudo certbot -d *.mftj.ca --manual --preferred-challenges dns certonly

I tried three times for the ptcs.app domain on the same server, but it is not working:

sudo certbot -d *.ptcs.app --manual --preferred-challenges dns certonly

It produced this output:
Please deploy a DNS TXT record under the name
_acme-challenge.ptcs.app with the following value:

elxrgKzSVECWfQ0EKhCv_fWfnVulo4rqJLiLm-CMAKU

Before continuing, verify the record is deployed.


Press Enter to Continue
Waiting for verification...
Challenge failed for domain ptcs.app
dns-01 challenge for ptcs.app
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: ptcs.app
    Type: dns
    Detail: DNS problem: NXDOMAIN looking up TXT for
    _acme-challenge.ptcs.app - check that a DNS record exists for this
    domain

My web server is (include version): nginx 1.18.0

The operating system my web server runs on is (include version): ubuntu 20.10

I can login to a root shell on my machine (yes or no, or I don't know): yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.7.0

Thank you for your help!

Hi,

Where did you enter those TXT records?
Did you do it in your Azure DNS panel? Because doing an nslookup, I couldn't locate your TXT record under _acme-challenge.ptcs.app

Yes I know,

I flushed it this morning.

But when I was trying to continue with certbot, I could get the TXT record at home and at my workplace too. I waited for many hours after that before continuing with certbot.

I did the same steps as for my mftj.ca domain. That is why I don't understand.

I still don't see the record on my end.
I'm not sure what you have now...

Can you try to add a record under _acme-challenge.ptcs.app with a TXT value of "test" ?

Yes, it's done. I have added "test" as a TXT record.

But don't forget what I said: I deleted the record this morning. That is why you don't see it.

The screenshot I attached is to show that the record existed when I continued the process with certbot.

I have tried three times with the same result.

It was very easy with mftj.ca, but I cannot proceed with ptcs.app.

Thank you for your help!

Ohhh... Sorry, I was confused about what "flush" means in this case.

Checking the record, I still didn't see anything under TXT for that subdomain.

Can you confirm you did add it to the correct place?

Ahhh.
I think I found out what the issue is.

You need to add the TXT validation record at _acme-challenge, not at @.

And some good news: since you are using Azure DNS, the easiest way for you to use DNS validation is to use certbot's Azure DNS API plugin. certbot-dns-azure · PyPI
You'll be able to fully automate the renewal process for your certificate if you have a valid DNS plugin or hook, so you don't need to spend time figuring out what to do next!

Ok thank you stevenzhu,

Appreciate your help!
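
Added example (not part of the original thread, and not certbot's own code): a pre-flight check for the manual dns-01 step discussed above, which asks each authoritative nameserver for the TXT record at _acme-challenge.<domain> before you press Enter in certbot. It assumes dig is installed and that the base domain is the zone apex; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Function names are hypothetical.

# Map a certbot -d argument to the TXT name the CA looks up.
# A wildcard (*.example.tld) is validated at the base name, so "*." is dropped.
acme_record_name() {
    local domain="${1#\*.}"
    printf '_acme-challenge.%s\n' "${domain%.}"
}

# Succeed if the token is among the TXT values, given one per line in the
# quoted form that `dig +short TXT` prints.
txt_has_token() {
    printf '%s\n' "$2" | tr -d '"' | grep -Fxq -- "$1"
}

# Ask every authoritative nameserver directly, so resolver caches cannot hide
# a record created at the wrong name (for example at @ instead of _acme-challenge).
# Assumption: the base domain is the zone apex, so its NS set is authoritative.
check_challenge() {
    local name zone servers ns answers rc=0
    name="$(acme_record_name "$1")"
    zone="${name#_acme-challenge.}"
    servers="$(dig +short NS "$zone")"
    if [ -z "$servers" ]; then
        echo "no NS records found for $zone" >&2
        return 2
    fi
    for ns in $servers; do
        answers="$(dig +short TXT "$name" "@$ns")"
        if txt_has_token "$2" "$answers"; then
            echo "OK   $ns serves the token at $name"
        else
            echo "FAIL $ns has no matching TXT at $name (got: ${answers:-nothing})"
            rc=1
        fi
    done
    return "$rc"
}

# Usage: check_challenge '*.ptcs.app' '<token printed by certbot>'
```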