How to generate a new DNS token for renewal when the old acme record is missing

Hello everybody,

I just noted that one of our domains has an expired SSL certificate, because the DNS challenge failed.

I've tried to perform a dry run and it tells me that the acme-challenge TXT record no longer exists. I verified the DNS record and it didn't exist any longer indeed. I would like to recreate the DNS record, but when running certbot --renew it simply tells me that the acme-challenge record does not exist, or does not contain the correct data. How can I let certbot generate a new token for my TXT record?

Certbot version: 0.40

The TXT record changes at every renewal.

It sounds like Certbot was previously set up in a way where it was automatically performing the DNS challenge.

If that is the case, then you should find out why that's no longer working, and fix it.

Manually creating the required TXT records at every renewal is a last resort.

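The automation the reply above recommends, as an added example that is not from this thread or from Certbot itself: a `--manual-auth-hook` script that publishes the per-renewal dns-01 token with `nsupdate` (RFC 2136 dynamic update, authenticated with a TSIG key file) and then waits until the authoritative server actually answers with it. `ns1.example.net` and the key path are placeholders; `CERTBOT_DOMAIN` and `CERTBOT_VALIDATION` are the variables Certbot exports to the hook.

```shell
#!/bin/sh
# Added example (not from the thread): certbot --manual-auth-hook that publishes
# the per-renewal dns-01 token via nsupdate (RFC 2136), then waits until the
# authoritative server answers with it. NS_SERVER and TSIG_KEY are placeholders.
set -eu
NS_SERVER="${NS_SERVER:-ns1.example.net}"                 # placeholder nameserver
TSIG_KEY="${TSIG_KEY:-/etc/letsencrypt/acme-update.key}"  # placeholder key file
TTL=60

# Wildcards validate at the base name: *.example.com -> _acme-challenge.example.com
challenge_name() {
  printf '_acme-challenge.%s\n' "${1#\*.}"
}

# True if `dig +short TXT` output ($1) has a string equal to the token ($2);
# dig quotes each TXT string, so match the whole quoted line exactly.
txt_has_token() {
  printf '%s\n' "$1" | grep -qxF "\"$2\""
}

# Replace any stale token from a previous renewal, then add the new one.
publish_record() {
  nsupdate -k "$TSIG_KEY" <<EOF
server $NS_SERVER
update delete $1 TXT
update add $1 $TTL TXT "$2"
send
EOF
}

# Poll the authoritative server; failing here fails the renewal, which is
# better than letting the CA query a missing or outdated record.
wait_for_record() {
  tries="${3:-30}"; i=0
  while [ "$i" -lt "$tries" ]; do
    if txt_has_token "$(dig +short TXT "$1" "@$NS_SERVER")" "$2"; then
      return 0
    fi
    i=$((i + 1)); sleep 5
  done
  echo "timeout: $1 does not contain the expected token" >&2
  return 1
}
# Certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION to the hook;
# outside certbot (e.g. when sourced) only the functions are defined.
if [ -n "${CERTBOT_DOMAIN:-}" ] && [ -n "${CERTBOT_VALIDATION:-}" ]; then
  name="$(challenge_name "$CERTBOT_DOMAIN")"
  publish_record "$name" "$CERTBOT_VALIDATION"
  wait_for_record "$name" "$CERTBOT_VALIDATION"
fi
```

Point Certbot at it with `--manual --preferred-challenges dns --manual-auth-hook /path/to/this-script.sh`; because the record is rewritten from `CERTBOT_VALIDATION` on every run, the token changing at each renewal is no longer something anyone has to track by hand.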

I was able to resolve it by just generating new certificates and switching to the HTTP challenge mode. I actually have no idea why somebody in our team configured it in DNS challenge mode as port 80 is available.


The dns-01 is mandatory for wildcard certificates. If you don't have the requirement for a wildcard certificate and port 80 is indeed available, then there is usually no need to use the dns-01 challenge.
