How to get private key files

I need to do this - Please add the following CNAME record to your main DNS zone:

But I do not know how to do this in the Google Domains DNS tab

Hi,
I don't know the L of Let's Encrypt. I assumed I can use a certbot command and get 4 pem files, which is all I need.

Current Problem:
Cleaning up challenges
Failed authorization procedure. pywise.co.uk (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.pywise.co.uk - check that a DNS record exists for this domain, pywise.co.uk (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.pywise.co.uk - check that a DNS record exists for this domain

That looks good but when I check it using dig -t CNAME _acme-challenge.pywise.co.uk it doesn't see it. I think maybe your DNS records are being managed in Google Cloud DNS (see the Google Cloud Console - Cloud DNS) and not in Google Domains.

If you can access Cloud DNS and find your domain/zone and create that same record there then I think that will fix it.

Not from where I'm sitting, but I can't blame you... those looks are deceiving!

Have a look at this:

nslookup -q=txt _acme-challenge.pywise.co.uk.pywise.co.uk
_acme-challenge.pywise.co.uk.pywise.co.uk       canonical name = 2185136e-2258-49fc-b99d-27a5a08cf6fd.auth.acme-dns.io
2185136e-2258-49fc-b99d-27a5a08cf6fd.auth.acme-dns.io   text =

        "Yxt3muKLK6EkAerbu4LgsBK-U0ghPZnVLh1jnEAW3Mw"
2185136e-2258-49fc-b99d-27a5a08cf6fd.auth.acme-dns.io   text =

        "eA-R4ScEl0IXBZqxYkfp7SH3VIK2T_Bku8itIVZcUYk"
1 Like

When you create the CNAME, only use "_acme-challenge".
Which creates that name in your zone = "pywise.co.uk"
And the entry looks like: "_acme-challenge.pywise.co.uk"

When you include the domain in the add, the DNS panel isn't smart enough to understand what you want and just does exactly what you asked of it:
You say add "_acme-challenge.pywise.co.uk" to my zone "pywise.co.uk"
and you end up with:
"_acme-challenge.pywise.co.uk.pywise.co.uk"

1 Like

Well spotted!

So @kswat you have accidentally entered your DNS record as _acme-challenge.pywise.co.uk.pywise.co.uk instead of just _acme-challenge.pywise.co.uk, I think you need to just rename it to _acme-challenge and the system will take care of the rest of the domain.

Domain control panels vary in how they handle that and some can intelligently remove duplicated domains in record names.

1 Like
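
The naming mistake diagnosed above, as an added example (not code from this thread, certbot or acme-dns): a small Python model of a DNS panel that appends the zone to whatever is typed in the host field, used to check an entry before saving it. The function names and the trailing-dot rule are assumptions for illustration; real panels vary, as noted above.

```python
ZONE = "pywise.co.uk"  # zone from the thread

def _norm(name: str) -> str:
    return name.strip().lower()

def challenge_name(domain: str) -> str:
    """DNS-01 validation name for a certificate identifier (wildcard prefix dropped)."""
    d = _norm(domain).rstrip(".")
    if d.startswith("*."):
        d = d[2:]
    return "_acme-challenge." + d

def panel_fqdn(entered: str, zone: str) -> str:
    """Name a naive panel creates: the zone is appended to whatever was typed.
    Assumption: a trailing dot marks the name as already absolute (zone-file convention)."""
    e, z = _norm(entered), _norm(zone).rstrip(".")
    if e.endswith("."):
        return e.rstrip(".")
    if e in ("", "@"):
        return z
    return f"{e}.{z}"

def host_field(fqdn: str, zone: str) -> str:
    """Relative value to type so that the panel creates exactly `fqdn`."""
    f, z = _norm(fqdn).rstrip("."), _norm(zone).rstrip(".")
    if f == z:
        return "@"
    if not f.endswith("." + z):
        raise ValueError(f"{f} is not inside zone {z}")
    return f[: -len(z) - 1]

def check_entry(entered: str, domain: str, zone: str) -> dict:
    """Compare the record the panel will create with the name the CA looks up."""
    wanted = challenge_name(domain)
    created = panel_fqdn(entered, zone)
    return {"created": created, "wanted": wanted, "ok": created == wanted,
            "enter_instead": host_field(wanted, zone)}

if __name__ == "__main__":
    # Both values tried in the thread: the doubled name, then the fix.
    for typed in ("_acme-challenge.pywise.co.uk", "_acme-challenge"):
        print(typed, "->", check_entry(typed, "pywise.co.uk", ZONE))
```

After saving the record, `dig -t CNAME` on the `wanted` name (the check used earlier in the thread) confirms what the panel actually published.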

@rg305 @webprofusion and the digital ocean article
Thanks for your help

I changed the name to "_acme-challenge" and it worked!!

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/pywise.co.uk/fullchain.pem

Should I start a new post for - how to handle renewal
Your cert will expire on 2021-09-29

1 Like

Yes, for renewals that's a general certbot question, but if you are still running within docker I'm not sure the usual cron job idea will apply. If you are just running this on a normal Linux server then it's easier. I'm not a certbot expert so I can't advise on that.

A renewal is normally much the same as your first certificate request but in your case you want to preserve your acme-dns registration config, otherwise you'd need a new CNAME every time.

2 Likes
