Get wildcard for .app domain

filmar25 · April 6, 2021, 12:53pm

Hi,

I successfully obtain a wildcard certificate for mftj.ca by running this command :

sudo certbot -d *.mftj.ca --manual --preferred-challenges dns certonly

I tried three times for the ptcs.app domain on the same server but it is not working :

sudo certbot -d *.ptcs.app --manual --preferred-challenges dns certonly

It produced this output:
Please deploy a DNS TXT record under the name
_acme-challenge.ptcs.app with the following value:

elxrgKzSVECWfQ0EKhCv_fWfnVulo4rqJLiLm-CMAKU

Before continuing, verify the record is deployed.

Press Enter to Continue
Waiting for verification...
Challenge failed for domain ptcs.app
dns-01 challenge for ptcs.app
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

The following errors were reported by the server:

Domain: ptcs.app
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for
_acme-challenge.ptcs.app - check that a DNS record exists for this
domain

My web server is (include version): nginx 1.18.0

The operating system my web server runs on is (include version): ubuntu 20.10

I can login to a root shell on my machine (yes or no, or I don't know): yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.7.0

Thank you for your help !

stevenzhu · April 6, 2021, 2:54pm

Hi,

Where did you enter those TXT records?
Did you do it in your Azure DNS panel? Because doing a nslookup, I couldn't locate your TXT record under _acme-challenge.ptcs.app

filmar25 · April 6, 2021, 3:24pm

Yes I know,

I flush it this morning.

But when I was trying to continue with certbot, I can have the TXT record at home and at work place too. I have wait for many hours after that before continue with certbot.

I have done the same step that my mftj.ca domain. It is why I don't understand.

stevenzhu · April 6, 2021, 3:35pm

I still don't see the record on my end.
I'm not sure what you have now...

Can you try to add a record under _acme-challenge.ptcs.app with a TXT value of "test" ?

filmar25 · April 6, 2021, 4:12pm

Yes it's done. I have added "test" as TXT record.

But don't forget what I said, I delete the record this morning. It is why you don't see it.

The print screen I join is to show that the record was existing when I continued the process with certbot.

Three times I have tried with the same result.

It was very easy with mftj.ca, but cannot proceed with ptcs.app

Thank you for your help !

stevenzhu · April 6, 2021, 4:29pm

Ohhh... Sorry I was confused of what "flush" means in this case..

Checking the record, I still didn't see anything under TXT for that subdomain.

Can you confirm you did add it to the correct place?

stevenzhu · April 6, 2021, 4:54pm

Ahhh.
I think I found out what's the issue.

You need to add the TXT validation record at _acme-challenge, not at @.

And some good news: since you are using Azure DNS, the easiest way for you to use DNS validation is to use certbot's Azure DNS API plugin. certbot-dns-azure · PyPI
You'll be able to fully automated the renewal process for your certificate if you have a valid DNS plugin or hook, so you don't need to spend some time figuring out what to do next!

filmar25 · April 6, 2021, 5:15pm

Ok thank you stevenzhu,

Appreciate your help !

system · May 6, 2021, 5:16pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.