Issue with Dynv6 can't find Zone token mismatch

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: lucky4.com

I ran this command: acme.sh --renew -d lucky4.com --force

It produced this output: no zone found
Could not find a matching zone for _acme-challenge.lucky4.com. Maybe your HTTP Token is not authorized to access the zone
Error adding TXT record to domain: _acme-challenge.lucky4.com

My web server is (include version):
Rpi4
The operating system my web server runs on is (include version): Ubuntu 23.10

My hosting provider, if applicable, is: Dynv6

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Dynv6 panel
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): latest, fresh install

Your domain lucky4.com is currently parked with sedo.com, so it probably expired.

2 Likes

That's not a valid response to that question.

3 Likes

That is: certbot 2.1.0
I already added two extra TXT records in dynv6: TXT _acme-challenge.lucky4.dynv6.net >> Dno0zPM*****AeYfLGT0lE2EwY, and TXT _acme-challenge.www.lucky4.dynv6.net BW7t86ig3fuLQyjTzm3-Wm0hE, because I wanted to do something like this: acme.sh --issue --dns -d lucky4.com -d www.lucky4.com --force --debug, but then the log just finishes with this line: acme.sh --issue --dns -d lucky4.com -d www.lucky4.com --force --debug
:frowning:

Sorry, I mean this line:

It seems that you are using dns manual mode. Read this link first: DNS manual mode · acmesh-official/acme.sh Wiki · GitHub

That is NOT the latest version.

3 Likes

The acme.sh command you have written is for lucky4.com; that's a completely different domain to www.lucky4.dynv6.net.

Is lucky4.com your domain or not, and are you trying to get a cert for that actual domain? Is it parked?

4 Likes

That might be right, I am really very much a beginner!!! So I might have to ask everything. What can I do to solve this expired sedo.com park problem? I mean, just yesterday I got Netcup to accept the ns1.dyndns.net nameservers. I am not sure, seems not long ago? :sweat_smile:

www.lucky4.dynv6.net. Yes, I guess that would then be the correct domain.

..and yes I am trying to get a cert

Yes, if you are trying to get a cert for www.lucky4.dynv6.net then that's the domain you need to feed to acme.sh

Regarding the DNS TXT records you tried to create for _acme-challenge.lucky4.dynv6.net: when I check those using dig, I can see there is a space in the value, so that will cause validation to fail:
" Dno0zPMXgR0hTRde9IxmdXSls9GU7AeYfLGT0lE2EwY"

If you are attempting manual DNS validation, allow a minute before proceeding with the certificate validation as you need to allow time for your nameservers to copy the changes.

If lucky4.com is not a domain you have paid a domain registrar for, then you don't own it and you can't control it or get a cert for it. If it is a domain you have paid for, then you'd need to speak to your domain registrar, but at the very least you need to update your nameservers on that domain to point to your real nameservers.

3 Likes
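Added example (not part of the thread, and not acme.sh or certbot code): a Python check for the two mistakes discussed above, a TXT record created under a different name than the domain being requested and a TXT value with stray whitespace. It assumes the RFC 8555 dns-01 format, where the value is the unpadded base64url encoding of a SHA-256 digest (43 characters); the function names and the sample value are constructed for illustration.

```python
import base64
import hashlib
import re

# dns-01 TXT value: unpadded base64url of a 32-byte SHA-256 digest = 43 chars
B64URL_43 = re.compile(r"[A-Za-z0-9_-]{43}")


def challenge_name(domain: str) -> str:
    """Name the CA queries for a dns-01 challenge on `domain`."""
    d = domain.strip().rstrip(".").lower()
    if d.startswith("*."):          # wildcard certs validate on the base name
        d = d[2:]
    return "_acme-challenge." + d


def check_record(domain: str, record_name: str, value: str) -> list:
    """Return a list of problems; an empty list means the record looks usable."""
    problems = []
    expected = challenge_name(domain)
    if record_name.strip().rstrip(".").lower() != expected:
        problems.append(f"record name should be {expected}")
    if value != value.strip():
        problems.append("leading or trailing whitespace in value")
    if not B64URL_43.fullmatch(value.strip()):
        problems.append("value is not 43 base64url characters")
    return problems


# Constructed sample value with the right shape (not a real challenge response)
SAMPLE_VALUE = base64.urlsafe_b64encode(
    hashlib.sha256(b"constructed-key-authorization").digest()
).rstrip(b"=").decode()

if __name__ == "__main__":
    cases = [
        # cert requested for one name, record created under another zone
        ("lucky4.com", "_acme-challenge.lucky4.dynv6.net", SAMPLE_VALUE),
        # right name, but the value was pasted with a leading space
        ("lucky4.dynv6.net", "_acme-challenge.lucky4.dynv6.net", " " + SAMPLE_VALUE),
        # right name and a clean value
        ("www.lucky4.dynv6.net", "_acme-challenge.www.lucky4.dynv6.net", SAMPLE_VALUE),
    ]
    for domain, name, value in cases:
        print(domain, "->", check_record(domain, name, value) or "ok")
```
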

Although I've got to admit, I am not so sure. Certainly the personal FQDN of my server is lucky4.com -d www.lucky4.com, but since I am using dynv6, www.lucky4.dynv6.net is what my domain became, the zone name of the domain in dynv6. Let's Encrypt needs that also, to know where to look for stuff like the TXT records, for example.

See, no, that is correct, that is only a server domain; the one I paid for is luckyjax.de. So if I can't get a cert for my server domain, do I need one for my server domain anyway? Should I instead get one for the website domain? And no, those two actually look like this:

TXT _acme-challenge.lucky4.dynv6.net Dno0zPMXgR0hTRde9IxmdXSls9GU7AeYfLGT0lE2EwY

TXT _acme-challenge.www.lucky4.dynv6.net BW7t86ig3seNBP36cj5x0XhVAwefuLQyjTzm3-Wm0hE

What is that even supposed to mean? Are you using domain names that aren't yours on your servers? Don't do that.

3 Likes

I mean nginx wants those certs. I started off with those, also in the wrong directory:

ssl_certificate /etc/ssl/certs/localhost.crt; ssl_certificate_key /etc/ssl/private/localhost.key;

I am sorry, I am a bloody beginner, and it is also the middle of the night where I am. I wouldn't mind going on tomorrow, I did not expect such a fast response :sweat_smile:

2 Likes

I did know that; it was just supposed to be a random name that my registered website, now hosted on my own server, is to be found at... I figured nobody besides me and my website would know or care about that. :no_mouth:

You could look at a self-signed cert if only for your own private use.

But, Let's Encrypt is a public Certificate Authority. It only issues certs for domain names that are in the public DNS system. You must show control of the domain name on the public internet to get the cert. This is true for any other public CA too.

It is possible to run a private CA for your own purpose but that is advanced. Not something to try as a beginner :slight_smile:

3 Likes

Then you should use a name that would not conflict with any existing site on the Internet:
Lucky4.example.com
Lucky4.internal
Lucky4.local

4 Likes

So anyway, you can probably get a cert for www.lucky4.dynv6.net using certbot, which will then store the files under its /live path - then your next job is to get your site to use them by editing your config to point to the fullchain.pem and privatekey.pem files, so nginx knows what cert to use.

Once you have that (and assuming everything is running and port 443 is open) you can access your server using https://www.lucky4.dynv6.net in a browser but you cannot use any other names (made up domains etc) because the name you use in the browser has to exactly match the name on the certificate.

Incidentally, that domain doesn't seem to have nameservers properly set up, I'd suggest just using Cloudflare for DNS (free) on that instead of whatever this is, luckyjax.de | DNSViz

4 Likes

Thanks for the advice! Makes absolute sense, but I tried it with giving the server the same name as my website, since I figured it should work as well in the end, be less complicated, and basically solve the valid authentication issue, like others noticed.

1 Like