I am trying to incorporate Let's Encrypt with my AWS Lightsail instance. I have done this successfully twice before, but this time I mistakenly deleted my TXT records while trying to troubleshoot the connection.
I ran this command: certbot -d blakelein.com -d *.blakelein.com --manual --preferred-challenges dns certonly
My web server is (include version): Apache 2.4.56
The operating system my web server runs on is (include version): Debian 5.10.197
My hosting provider, if applicable, is: AWS Lightsail
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): N/A
The version of my client is: certbot 1.12.0
When I ran the command initially it gave me the TXT Records (one at a time) for the two domain arguments I gave it. I plugged them into the AWS Lightsail interface on my AWS Console. It seemed like everything was good so I closed the shell and tested the SSL cert by visiting the website. I waited a while and it still was not a secure connection. I figured maybe I messed up and needed to try again, so I deleted the TXT records, ran "certbot delete" to delete the certificates on my machine and tried to generate another one for the domain.
It just said "Success!" without giving me the TXT Records again.
Eventually, it locked me out for a week for trying to request more than 5 records. Is there a way to retrieve the TXT Records to put back into my AWS Console, or do I have to wait until that ticket would have expired (May 2024)?
The TXT RR is only valid for one specific authorization. Once a TXT RR has been used, it's not useful any longer. Valid authorizations are cached for 30 days and won't require a new TXT RR.
You have issued 5 perfectly fine certificates which you could have used. Hopefully you have backed them up before deleting them?
Thank you for the responses! I am new to this type of thing, so bear with me while I try to understand and figure this out.
As far as I understand it, I issue the cert in the command line, it gives me TXT Records, and then the SSL is set for that/those domains. The reason I issued 4 more was because I didn't have the TXT Records for the cert to plug into my AWS Console; I was trying to get it to send them to me again.
I deleted all but one of them...
Are you saying I don't need to have the TXT Records actively tied into my Lightsail server's DNS Records? If that's not the case, how do I tie the SSL to that Domain?
The TXT RR is just part of the issuance process and is ephemeral. The TXT RR is NOT the same as a TLS certificate used to "set" "SSL" (SSL is an ancient term for older versions of the now modern TLS protocol).
You need to use the certificate to "set SSL", not the TXT RR.
You don't tie a cert to a domain. The cert is used by a TLS/SSL service which is Apache in your case. Apache has config lines that refer to the cert files. You could use that same cert in any number of services that handle the domain names in the cert such as mail servers, backend proxies or other.
That said, that tutorial won't help at this exact moment, as you're rate limited.
You should however be perfectly capable of using the already issued certificate. You can view the certificate with the command sudo certbot certificates.
Also note that Let's Encrypt provides documentation about their service and how it works et cetera: Documentation - Let's Encrypt
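As an added illustration of the "config lines that refer to the cert files" mentioned above (not part of the thread and not certbot's or Apache's own example): an Apache 2.4 virtual host that serves an already-issued Let's Encrypt certificate. It assumes certbot's default layout under /etc/letsencrypt/live/<lineage-name>/ and that the lineage is named after the first -d argument (blakelein.com); the actual name is shown by sudo certbot certificates.

```apache
# Added example, not from the thread. Paths assume certbot's default
# /etc/letsencrypt/live/<lineage>/ layout; the lineage name "blakelein.com"
# is an assumption, confirm it with: sudo certbot certificates

# Plain-HTTP vhost: only job is to redirect visitors to HTTPS
<VirtualHost *:80>
    ServerName  blakelein.com
    ServerAlias www.blakelein.com
    Redirect permanent / https://blakelein.com/
</VirtualHost>

# HTTPS vhost: this is where the certificate is actually "tied" to the domain
<VirtualHost *:443>
    ServerName   blakelein.com
    ServerAlias  www.blakelein.com
    DocumentRoot /var/www/html

    SSLEngine on
    # fullchain.pem = leaf certificate + intermediate chain, sent to clients
    SSLCertificateFile    /etc/letsencrypt/live/blakelein.com/fullchain.pem
    # privkey.pem = private key; keep it readable by root only (certbot's default)
    SSLCertificateKeyFile /etc/letsencrypt/live/blakelein.com/privkey.pem

    # Refuse legacy protocol versions; TLS 1.2 and 1.3 remain enabled
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
</VirtualHost>
```

On Debian, enable mod_ssl first (sudo a2enmod ssl), then validate and apply with sudo apachectl configtest && sudo systemctl reload apache2. Because the certificate, not the TXT record, is what Apache serves, nothing in this config changes when the DNS TXT record is removed.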