Well, I found a solution for adding Let's Encrypt SSL manually in InfinityFree
Step 1.
Choose certbot DNS challenge: `certbot certonly --manual --preferred-challenges dns -d "*.YourDomain"`
Also, the subdomains work fine, for example: `certbot certonly --manual --preferred-challenges dns -d "*.maddemon.free.nf"`
output:
```
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name:
_acme-challenge.maddemon.free.nf.
with the following value:
M6DRvcOBx6_apw_CGHR7VgqHBRSgE3586Q1c-plEWU4
Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.maddemon.fr
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
```
Step 2.
Log in to your InfinityFree cPanel, scroll to the bottom and click on the CNAME
Step 3.
In the "Record Name" box enter `_acme-challenge`, in "Domains" let it be the default, and in the "Destination" box enter the value that certbot provided, for example: `M6DRvcOBx6_apw_CGHR7VgqHBRSgE3586Q1c-plEWU4`
Step 4.
Don't click enter yet...
Check if the DNS has updated yet with `nslookup -type=TXT _acme-challenge.maddemon.free.nf`, cause the DNS usually takes 1 to 2 or more hours to update
Keep the certbot verification window open in the background
I don't see a Let's Encrypt cert for your domain. Your domain is currently using a cert from Google. And, as per previous discussion that hosting site does not support intermediate certs so may fail validation like shown here:
I don't see a Let's Encrypt cert in the public logs but sometimes those are delayed as much as 24H.
`** server can't find _acme-challenge.maddemon.free.nf: NXDOMAIN`
Their DNS (198.251.86.152): `nslookup -type=TXT _acme-challenge.maddemon.free.nf 198.251.86.152`
output:
```
Server: 198.251.86.152
Address: 198.251.86.152#53
_acme-challenge.maddemon.free.nf canonical name = m6drvcobx6_apw_cghr7vgqhbrsge3586q1c-plewu4.
```
So, what if I use their DNS in certbot for verification?
certbot isn't the one doing the verification - it is just an ACME client.
If the ACME client could also do the verification ... we would have a broken/exploited system!
The DNS verification is being done by LE.
And they only follow the authoritative DNS tree/path.
So, it will never use systems like 8.8.8.8 [for verification].
Sorry guys, this method will not work until there is a way to use their DNS in certbot, cause it will not update or it will take a long time to populate the Google DNS.
It has been up to 24 hours but `nslookup -type=TXT _acme-challenge.maddemon.free.nf` still shows
```
Server: 8.8.8.8
Address: 8.8.8.8#53
** server can't find _acme-challenge.maddemon.free.nf: NXDOMAIN
```
Let's Encrypt crawls the authoritative nameservers from the root servers down to the authoritative nameserver of the hostname. Please don't use third party DNS servers to check for propagation, but use e.g. `dig +trace` or https://unboundtest.com.
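
An added example, not part of any post in this thread: a small Python classifier for `nslookup -type=TXT` output that separates the states seen above (NXDOMAIN, the certbot value stored as a CNAME target, and a real TXT record). The sample outputs are constructed from the output quoted in the thread; the TXT sample, the function name and the status labels are assumptions made for illustration.

```python
import re

NAME = "_acme-challenge.maddemon.free.nf"
TOKEN = "M6DRvcOBx6_apw_CGHR7VgqHBRSgE3586Q1c-plEWU4"  # value certbot printed

# Constructed samples modelled on the nslookup output quoted in the thread.
NXDOMAIN_OUT = """Server: 8.8.8.8
Address: 8.8.8.8#53

** server can't find _acme-challenge.maddemon.free.nf: NXDOMAIN
"""
CNAME_OUT = """Server: 198.251.86.152
Address: 198.251.86.152#53

_acme-challenge.maddemon.free.nf canonical name = m6drvcobx6_apw_cghr7vgqhbrsge3586q1c-plewu4.
"""
TXT_OUT = """Server: 198.251.86.152
Address: 198.251.86.152#53

_acme-challenge.maddemon.free.nf text = "M6DRvcOBx6_apw_CGHR7VgqHBRSgE3586Q1c-plEWU4"
"""

def classify(nslookup_output: str, name: str, token: str) -> str:
    """Classify an nslookup -type=TXT answer for a dns-01 challenge name."""
    name = name.rstrip(".").lower()
    txt_values, cname_target = [], None
    for line in nslookup_output.splitlines():
        m = re.match(r'\s*(\S+?)\.?\s+text\s*=\s*(.*)$', line)
        if m and m.group(1).lower() == name:
            # Long TXT data is printed as several quoted strings; join them.
            txt_values.append("".join(re.findall(r'"([^"]*)"', m.group(2))))
            continue
        m = re.match(r'\s*(\S+?)\.?\s+canonical name\s*=\s*(\S+)', line)
        if m and m.group(1).lower() == name:
            cname_target = m.group(2).rstrip(".")
    if token in txt_values:          # the value must match exactly, case included
        return "ok"
    if txt_values:
        return "txt-mismatch"
    if cname_target is not None:
        # The value was entered as a hostname (CNAME target), not as TXT data.
        if cname_target.lower() == token.lower():
            return "token-in-cname"
        return "cname-delegation"    # alias to another name; TXT must exist there
    return "nxdomain" if "NXDOMAIN" in nslookup_output else "no-answer"
```

Run against the provider's own nameserver output from the thread, this returns `token-in-cname`: the record exists, but it is a CNAME whose target is the lowercased value, so there is no TXT data at the challenge name for the validator to read.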