My domain is sambidb.com. This is my first ever attempt to get a certificate, and diving into the deep end of the pool by trying to get a wildcard one (I don’t even have a website at the root domain, although I might eventually - I’m currently only running a database webapp on subdomains). My server is a CentOS 7 VPS on Linode.
I read various tutorials, but most of them describe the manual process. Since there is a DNS plugin for Linode, I figured I might as well do the slick Certbot way. The tutorial I primarily followed is this: https://linuxacademy.com/blog/linuxacademy-com/wildcard-certificates-with-lets-encrypt-and-nginx/
I updated certbot, installed python2-certbot-dns-linode, got an API key from the Linode Manager interface and put it in a file with chmod 600, and then ran this command:
certbot -a dns-linode --dns-linode-credentials /root/.certbot/linode.ini --dns-linode-propagation-seconds 60 -i nginx -d "*.sambidb.com" --server https://acme-v02.api.letsencrypt.org/directory
Here is the output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-linode, Installer nginx
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for sambidb.com
Starting new HTTPS connection (1): api.linode.com
Starting new HTTPS connection (1): api.linode.com
Starting new HTTPS connection (1): api.linode.com
Waiting 60 seconds for DNS changes to propagate
Waiting for verification...
Cleaning up challenges
Starting new HTTPS connection (1): api.linode.com
Starting new HTTPS connection (1): api.linode.com
Starting new HTTPS connection (1): api.linode.com
Failed authorization procedure. sambidb.com (dns-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: No TXT record found at _acme-challenge.sambidb.com

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: sambidb.com
   Type:   unauthorized
   Detail: No TXT record found at _acme-challenge.sambidb.com

   To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
I looked at my DNS, and indeed, there is no TXT record. I would be happy to make it, but I don’t know the value it needs, and I got the impression from the tutorial that the Linode plugin was supposed to create it for me. (That’s the whole point of making the command wait 60 seconds for propagation, right?) My webapp works fine, so I would think that means that the DNS A record, nginx configuration, etc. are correct. What should I look for? (I tried reading letsencrypt.log, but I don’t know enough to recognize clues in it.)
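The check that the 60-second propagation wait is meant to cover can be run by hand, against each authoritative nameserver rather than a caching resolver, to see whether the plugin actually published `_acme-challenge.sambidb.com`. This is an added example, not code from the post or from the certbot plugin; it assumes `dig` is installed and that the zone is served by Linode's ns1 to ns5.linode.com (an assumption about this zone).

```python
import subprocess
import sys
import time

# Assumption: the zone is hosted on Linode DNS, whose public authoritative servers are these.
LINODE_NS = ["ns1.linode.com", "ns2.linode.com", "ns3.linode.com",
             "ns4.linode.com", "ns5.linode.com"]


def challenge_name(domain):
    """DNS-01 for '*.example.com' and for 'example.com' both validate
    at _acme-challenge.example.com (the wildcard label is dropped)."""
    base = domain[2:] if domain.startswith("*.") else domain
    return "_acme-challenge." + base


def dig_txt(name, server):
    """Ask one nameserver directly (bypasses resolver caches); return the TXT strings it holds."""
    proc = subprocess.run(
        ["dig", "+short", "+time=3", "+tries=1", "TXT", name, "@" + server],
        capture_output=True, text=True)
    return [line.strip().strip('"') for line in proc.stdout.splitlines() if line.strip()]


def check_propagation(domain, servers=LINODE_NS, lookup=dig_txt, timeout=60,
                      interval=5, clock=time.monotonic, sleep=time.sleep):
    """Poll until every authoritative server answers with a TXT record at the
    challenge name, or until timeout. Returns {server: [txt values]}; an empty
    list means that server has not published the record (yet)."""
    name = challenge_name(domain)
    deadline = clock() + timeout
    while True:
        results = {s: lookup(name, s) for s in servers}
        if all(results.values()) or clock() >= deadline:
            return results
        sleep(interval)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "*.sambidb.com"
    for server, values in check_propagation(target).items():
        print(f"{server}: {values if values else 'NO TXT RECORD'}")
```

Run it while certbot is inside its propagation wait; a server that still shows NO TXT RECORD after the wait points at the plugin or API key, not at Let's Encrypt.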