Incorrect TXT record

My domain is:

I ran this command: certbot certonly --manual --manual-auth-hook /etc/letsencrypt/ --preferred-challenges dns --debug-challenges -d \*

It produced this output:

Requesting a certificate for *
Hook '--manual-auth-hook' for ran with output:
Please add the following CNAME record to your main DNS zone: CNAME

Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
Type: unauthorized
Detail: Incorrect TXT record "" found at

The operating system my web server runs on is (include version): Ubuntu 22.04

I can login to a root shell on my machine (yes or no, or I don't know): Yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.21.0

Instructions were confusing on whether it needs a CNAME or TXT entry, so I created both and verified that DNS had updated with both a CNAME and TXT record before proceeding using

Hi @spiceygas, and welcome to the LE community forum :slight_smile:

That's not a TXT record.
Just use it for the CNAME.

Also, it asks for a CNAME:


That seems to have fixed it. It was confused because the instructions said to set a CNAME and the error said it had an "incorrect TXT record." So I thought maybe it needed a TXT.

Anyways, I deleted the TXT, set the CNAME (must of had a typo the first time), and now everything is good. Thank you for the quick response.

1 Like

The CA is looking for a TXT record. The CNAME points at a different DNS server (, where the script is setting the TXT record.


That makes sense. Thank you for clarifying.

One more dumb question: What if I accidentally deleted the CNAME entry I put into my DNS? How do I get certbot to tell me again what value should be set?

Certbot just gives me an error that "No TXT record was found."

(Yes, I realize I have it above in this thread. I have another server and accidentally deleted the DNS CNAME entry for that one's certificate.)

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.