Incorrect TXT record

My domain is: doyle.v6.rocks

I ran this command: certbot certonly --manual --manual-auth-hook /etc/letsencrypt/acme-dns-auth.py --preferred-challenges dns --debug-challenges -d \*.doyle.v6.rocks

It produced this output:

Requesting a certificate for *.doyle.v6.rocks
Hook '--manual-auth-hook' for doyle.v6.rocks ran with output:
Please add the following CNAME record to your main DNS zone:
_acme-challenge.doyle.v6.rocks CNAME 0b5b522f-7363-45bf-8d74-086c0b76400a.auth.acme-dns.io.

Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
Domain: doyle.v6.rocks
Type: unauthorized
Detail: Incorrect TXT record "0b5b522f-7363-45bf-8d74-086c0b76400a.auth.acme-dns.io" found at _acme-challenge.doyle.v6.rocks

The operating system my web server runs on is (include version): Ubuntu 22.04

I can login to a root shell on my machine (yes or no, or I don't know): Yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.21.0

Instructions were confusing on whether it needs a CNAME or TXT entry, so I created both and verified that DNS had updated with both a CNAME and TXT record before proceeding using https://mxtoolbox.com/

Hi @spiceygas, and welcome to the LE community forum.

That's not a TXT record.
Just use it for the CNAME.

Also, it asks for a CNAME:

5 Likes

That seems to have fixed it. I was confused because the instructions said to set a CNAME and the error said it had an "incorrect TXT record." So I thought maybe it needed a TXT.

Anyways, I deleted the TXT, set the CNAME (must have had a typo the first time), and now everything is good. Thank you for the quick response.

1 Like

The CA is looking for a TXT record. The CNAME points at a different DNS server (acme-dns.io), where the script acme-dns-auth.py is setting the TXT record.

7 Likes

That makes sense. Thank you for clarifying.

One more dumb question: What if I accidentally deleted the CNAME entry I put into my DNS? How do I get certbot to tell me again what value should be set?

Certbot just gives me an error that "No TXT record was found."

(Yes, I realize I have it above in this thread. I have another server and accidentally deleted the DNS CNAME entry for that one's certificate.)

1 Like
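The lookup explained in the thread (the CA wants a TXT record, and the CNAME redirects that lookup to acme-dns.io) is modelled below as an added example; it is not code from the thread, certbot, or acme-dns. The in-memory zone dictionaries, function names, and key authorization are constructed for illustration, and the TXT value format follows RFC 8555 section 8.4.

```python
import base64
import hashlib

def dns01_txt_value(key_authorization: str) -> str:
    """RFC 8555 section 8.4: base64url(SHA-256(key authorization)), no padding."""
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def lookup_txt(zone: dict, name: str, max_hops: int = 8) -> list:
    """Resolve TXT at `name`, following CNAMEs as a validating resolver would."""
    for _ in range(max_hops):
        cname = zone.get((name, "CNAME"))
        if not cname:
            return zone.get((name, "TXT"), [])
        name = cname[0]
    return []  # CNAME loop or chain too long

def validate(zone: dict, domain: str, key_authorization: str) -> str:
    """Classify the outcome the way the errors in this thread read."""
    found = lookup_txt(zone, "_acme-challenge." + domain)
    if not found:
        return "No TXT record found"
    if dns01_txt_value(key_authorization) in found:
        return "valid"
    return 'Incorrect TXT record "%s" found' % found[0]

# Constructed sample data; the key authorization is a made-up placeholder.
KEY_AUTH = "constructed-token.constructed-account-thumbprint"
CHALLENGE = "_acme-challenge.doyle.v6.rocks"
TARGET = "0b5b522f-7363-45bf-8d74-086c0b76400a.auth.acme-dns.io"

# The hook publishes the digest at the acme-dns name in every scenario.
ACME_DNS = {(TARGET, "TXT"): [dns01_txt_value(KEY_AUTH)]}

# 1. Delegation target pasted into a TXT record at the challenge name.
target_as_txt = {**ACME_DNS, (CHALLENGE, "TXT"): [TARGET]}
# 2. CNAME delegation in place: the lookup is redirected to acme-dns.
cname_delegation = {**ACME_DNS, (CHALLENGE, "CNAME"): [TARGET]}
# 3. CNAME deleted from the main zone: nothing at the challenge name.
cname_deleted = dict(ACME_DNS)

if __name__ == "__main__":
    for label, zone in [("TXT with target", target_as_txt),
                        ("CNAME delegation", cname_delegation),
                        ("CNAME deleted", cname_deleted)]:
        print(label, "->", validate(zone, "doyle.v6.rocks", KEY_AUTH))
```

Scenario 1 reproduces the "Incorrect TXT record" wording from the first post, and scenario 3 reproduces the "No TXT record" case from the last one.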
