My main domain has SSL and my subdomain doesn't have SSL

```
At that point you need to manually edit your DNS Records and add a TXT Record for _acme-challenge.vvp.lerg.lt with contents of
jmOIQ_y9IoGfem1DN-1cPp1X6SQ7PMTTzDUV1jjO3gw.BTYdvn8zv5JjwijnYjvL-ins8n0hk9rW3loEY8biQOY
```

Well, I ran this and got almost the same thing:

```
Challenge failed for domain lerg.lt
dns-01 challenge for lerg.lt
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: lerg.lt
   Type:   unauthorized
   Detail: No TXT record found at _acme-challenge.lerg.lt

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
```

Yeah, I added that.

OK; but that manual DNS edit of adding a TXT record will only be the one for all of the domain name lerg.lt (and its subdomains).

So how do you edit your DNS Records?

I can edit those from the hosting site where I have my server hosted.

Well, if I run `sudo certbot certonly --manual` and enter lerg.lt I get this:

```
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/lerg.lt-0001.conf)

What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Keep the existing certificate for now
2: Renew & replace the certificate (may be subject to CA rate limits)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):
```

What should I choose here?

Presently there is no DNS TXT record for the domain name _acme-challenge.lerg.lt.

As shown here:
https://unboundtest.com/m/TXT/_acme-challenge.lerg.lt/TYNT6FT4

```
Query results for TXT _acme-challenge.lerg.lt

Response:
;; opcode: QUERY, status: NOERROR, id: 4452
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;_acme-challenge.lerg.lt.	IN	 TXT

;; AUTHORITY SECTION:
lerg.lt.	0	IN	SOA	ns1.serveriai.lt. hostmaster.iv.lt. 2023031500 43200 3600 1209600 3600

----- Unbound logs -----
Mar 14 23:10:41 unbound[715086:0] notice: init module 0: validator
Mar 14 23:10:41 unbound[715086:0] notice: init module 1: iterator
```

Also, I added this


to DNS

Sorry. :frowning:
Definitely wait for more knowledgeable Let's Encrypt community volunteers to assist.

Yeah ;( I will wait.

That would be for and only for vvp.lerg.lt

Also each time (not quite correct but close) that challenge token changes.

Yeah, I know, but I can't generate for lerg.lt.

So each time I need to generate a new token?

Let's back up a bit. Why are you using DNS validation? Because the way you're choosing to validate your domain, you'll need to manually create (and then delete) a DNS TXT record every time you want to renew the cert, which will be roughly every 60 days. That really isn't a desirable situation. Is there a reason you can't use the more common HTTP validation?

If you do need to use DNS validation, certbot will tell you what records you need to create. When it tells you that, you need to create them. Once you've done that, you can tell certbot to proceed, and it will issue the cert. You'll then need to delete those records. Next time you create (or renew) the cert, you'll need to do the same thing again. And again. And again.

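The "create the record, then tell certbot to proceed" step described above is exactly where this thread went wrong: the TXT record was published under `_acme-challenge.vvp.lerg.lt` while certbot was checking `_acme-challenge.lerg.lt`. The Python script below is an added example (not from this thread and not part of certbot) that parses dig/unbound-style resolver output, such as the unboundtest.com results pasted in the thread, and reports whether the expected validation token is visible at the name certbot will query, so you can check before choosing to continue. The token and the two resolver responses are constructed samples modelled on the thread's output; the functions `challenge_name`, `parse_txt_answers`, `record_published` and `explain` are this example's own names.

```python
"""Pre-check for a manual DNS-01 challenge: is the token visible where certbot will look?

Added example. Feed it the text of `dig TXT _acme-challenge.<domain>` (or the
unboundtest.com "Response" block) taken from an external resolver.
"""
import re

# Constructed sample token (not a real ACME validation string).
TOKEN = "EXAMPLE_TOKEN_0123456789.EXAMPLE_THUMBPRINT_abcdefghij"

# Constructed resolver output: no record at the base domain (modelled on the thread).
NO_RECORD = """\
;; opcode: QUERY, status: NOERROR, id: 4452
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;_acme-challenge.lerg.lt.\tIN\t TXT

;; AUTHORITY SECTION:
lerg.lt.\t0\tIN\tSOA\tns1.serveriai.lt. hostmaster.iv.lt. 2023031500 43200 3600 1209600 3600
"""

# Constructed resolver output: the token was published under the subdomain's name instead.
SUBDOMAIN_RECORD = f"""\
;; opcode: QUERY, status: NOERROR, id: 38067
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;_acme-challenge.vvp.lerg.lt.\tIN\t TXT

;; ANSWER SECTION:
_acme-challenge.vvp.lerg.lt.\t0\tIN\tTXT\t"{TOKEN}"
"""


def challenge_name(domain: str) -> str:
    """Return the owner name certbot queries for a DNS-01 challenge.

    A wildcard identifier (*.example.com) is validated at the same name as the
    base domain, so a leading '*.' is dropped. Result is lower-case, no trailing dot.
    """
    if domain.startswith("*."):
        domain = domain[2:]
    return "_acme-challenge." + domain.rstrip(".").lower()


def parse_txt_answers(dig_output: str) -> dict:
    """Map owner names (lower-case, no trailing dot) to TXT strings in the ANSWER SECTION."""
    answers = {}
    in_answer = False
    for line in dig_output.splitlines():
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
            continue
        if not in_answer:
            continue
        if not line.strip() or line.startswith(";;"):
            break  # end of the answer section
        parts = line.split(None, 4)  # owner, ttl, class, type, rdata
        if len(parts) < 5 or parts[3].upper() != "TXT":
            continue
        owner = parts[0].rstrip(".").lower()
        # RDATA may be several quoted character-strings; a client concatenates them.
        value = "".join(re.findall(r'"((?:[^"\\]|\\.)*)"', parts[4]))
        answers.setdefault(owner, []).append(value)
    return answers


def record_published(dig_output: str, domain: str, token: str) -> bool:
    """True if the resolver output shows `token` at _acme-challenge.<domain>."""
    return token in parse_txt_answers(dig_output).get(challenge_name(domain), [])


def explain(dig_output: str, domain: str, token: str) -> str:
    """Verdict for the operator, distinguishing 'not yet visible' from 'published under the wrong name'."""
    answers = parse_txt_answers(dig_output)
    name = challenge_name(domain)
    if token in answers.get(name, []):
        return f"OK: {name} publishes the expected token; safe to let certbot continue."
    elsewhere = [owner for owner, values in answers.items() if token in values]
    if elsewhere:
        return f"WRONG NAME: token found at {', '.join(elsewhere)} but certbot checks {name}."
    return f"MISSING: no TXT record with the expected token at {name}; wait for propagation or fix the record."


if __name__ == "__main__":
    print(explain(NO_RECORD, "lerg.lt", TOKEN))
    print(explain(SUBDOMAIN_RECORD, "lerg.lt", TOKEN))
    print(explain(SUBDOMAIN_RECORD, "vvp.lerg.lt", TOKEN))
```

Run the check against a resolver other than your own authoritative server (the thread used unboundtest.com) so that a stale cache on your side cannot hide a record that the CA will also fail to see; only proceed in certbot once the verdict is "OK".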

The good news is the addition/edit works, so you know how to do it;
now just do it for _acme-challenge.lerg.lt instead, with the token supplied for the challenge that round.

https://unboundtest.com/m/TXT/_acme-challenge.vvp.lerg.lt/GYOHTPVJ

```
Query results for TXT _acme-challenge.vvp.lerg.lt

Response:
;; opcode: QUERY, status: NOERROR, id: 38067
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;_acme-challenge.vvp.lerg.lt.	IN	 TXT

;; ANSWER SECTION:
_acme-challenge.vvp.lerg.lt.	0	IN	TXT	"jmOIQ_y9IoGfem1DN-1cPp1X6SQ7PMTTzDUV1jjO3gw.BTYdvn8zv5JjwijnYjvL-ins8n0hk9rW3loEY8biQOY"

----- Unbound logs -----
Mar 14 23:19:19 unbound[715158:0] notice: init module 0: validator
Mar 14 23:19:19 unbound[715158:0] notice: init module 1: iterator
Mar 14 23:19:19 unbound[715158:0] info: start of service (unbound 1.16.3).
```

Well, I'm not sure what else I can use; this is my first time using certbot. Any suggestions?

Well, you could try without the `--preferred-challenges dns` part. Why are you using that?

I'm not sure how I can get a token for _acme-challenge.lerg.lt, because I'm getting this:

```
Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel): lerg.lt
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/lerg.lt-0001.conf)

What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Keep the existing certificate for now
2: Renew & replace the certificate (may be subject to CA rate limits)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):
```

So you mean I can try running this:

```
sudo certbot certonly --manual -d lerg.lt -d "*.lerg.lt"
```

Follow @danb35 at this point.
