Problem to generate wildcard certificate

Hi guys,

I am trying to follow this tutorial, How to Install a Wildcard SSL on Apache/Nginx (works for WordPress Multisite) - YouTube, to allow my reverse proxy to work with a wildcard certificate. However, it's saying:

DNS problem: NXDOMAIN looking up TXT for _acme-challenge.eddienetwoks.ddnsfree.com - check that a DNS record exists for this domain

Here is the full log:

2021-08-13 21:06:23,180:DEBUG:certbot._internal.main:certbot version: 1.16.0
2021-08-13 21:06:23,180:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2021-08-13 21:06:23,181:DEBUG:certbot._internal.main:Arguments: ['--manual', '--preferred-challenges', 'dns', '--server', 'https://acme-v02.api.letsencrypt.org/directory', '-d', '*.eddienetwoks.ddnsfree.com', '-d', 'eddienetworks.ddnsfree.com', '-v']
2021-08-13 21:06:23,181:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-08-13 21:06:23,206:DEBUG:certbot._internal.log:Root logging level set at 20
2021-08-13 21:06:23,207:DEBUG:certbot._internal.plugins.selection:Requested authenticator manual and installer None
2021-08-13 21:06:23,213:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * manual
Description: Manual configuration or run your own shell scripts
Interfaces: IAuthenticator, IPlugin
Entry point: manual = certbot._internal.plugins.manual:Authenticator
Initialized: <certbot._internal.plugins.manual.Authenticator object at 0x7f3744478f10>
Prep: True
2021-08-13 21:06:23,213:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.manual.Authenticator object at 0x7f3744478f10> and installer None
2021-08-13 21:06:23,213:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator manual, Installer None
2021-08-13 21:06:23,225:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/159758170', new_authzr_uri=None, terms_of_service=None), 2491055be5418d2dd416c418ca2124e3, Meta(creation_dt=datetime.datetime(2021, 8, 13, 9, 9, 57, tzinfo=<UTC>), creation_host='alpine.my.domain', register_to_eff=None))>
2021-08-13 21:06:23,225:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-08-13 21:06:23,228:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2021-08-13 21:06:24,149:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2021-08-13 21:06:24,150:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 13 Aug 2021 11:06:24 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "ckmDd3MYGgw": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-08-13 21:06:24,193:DEBUG:certbot._internal.plugins.selection:Requested authenticator manual and installer <certbot._internal.cli.cli_utils._Default object at 0x7f3744535f10>
2021-08-13 21:06:29,887:DEBUG:certbot.display.util:Notifying user: Renewing an existing certificate for *.eddienetwoks.ddnsfree.com and eddienetworks.ddnsfree.com
2021-08-13 21:06:29,927:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): /etc/letsencrypt/keys/0008_key-certbot.pem
2021-08-13 21:06:29,930:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0008_csr-certbot.pem
2021-08-13 21:06:29,930:DEBUG:acme.client:Requesting fresh nonce
2021-08-13 21:06:29,930:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-08-13 21:06:30,165:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-08-13 21:06:30,166:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 13 Aug 2021 11:06:30 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001ImJAPZ56-QynI_IElPk7WQU5fUsf0giY3T065kCHneE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2021-08-13 21:06:30,166:DEBUG:acme.client:Storing nonce: 0001ImJAPZ56-QynI_IElPk7WQU5fUsf0giY3T065kCHneE
2021-08-13 21:06:30,166:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "*.eddienetwoks.ddnsfree.com"\n    },\n    {\n      "type": "dns",\n      "value": "eddienetworks.ddnsfree.com"\n    }\n  ]\n}'
2021-08-13 21:06:30,169:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTU5NzU4MTcwIiwgIm5vbmNlIjogIjAwMDFJbUpBUFo1Ni1ReW5JX0lFbFBrN1dRVTVmVXNmMGdpWTNUMDY1a0NIbmVFIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
  "signature": "UoCoZrfp4vb2DQk46EzTX1Stspu697S7k7djDm6ILKQHJo9gyxAiBbT1ee0VIbALBsopXMdWNLIhspT8R60sQ0xNXHfZdXJtrrffCDOWxxYNNn8aSf85g3vYGqur5rVpKHOeewUg1ilF2NoIE3CAcn5vj3RmVNAnO1BZ8HaMrDBnpWIPJ3Ae3DEv2Wzk_GP3aed5vxz8m70JGRDgCXBJkSPOrAqBDBE34bRWDVVrwScjYK3Uy6C9hoIuFIDPolG1QKvhN0DIhW_82XbyohwzOfBpygtC7d46EB7DExeAa6b9fitHnersXjVPNuheGRQryBWwrBJEQsoSEpv993EWTQ",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIiouZWRkaWVuZXR3b2tzLmRkbnNmcmVlLmNvbSIKICAgIH0sCiAgICB7CiAgICAgICJ0eXBlIjogImRucyIsCiAgICAgICJ2YWx1ZSI6ICJlZGRpZW5ldHdvcmtzLmRkbnNmcmVlLmNvbSIKICAgIH0KICBdCn0"
}
2021-08-13 21:06:30,482:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 498
2021-08-13 21:06:30,482:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Fri, 13 Aug 2021 11:06:30 GMT
Content-Type: application/json
Content-Length: 498
Connection: keep-alive
Boulder-Requester: 159758170
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/159758170/16590241100
Replay-Nonce: 0002ccFVeeIRny-pMdGeT8Qz24ArWES0bDtK0WXLhrP2s74
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2021-08-20T11:06:30Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "*.eddienetwoks.ddnsfree.com"
    },
    {
      "type": "dns",
      "value": "eddienetworks.ddnsfree.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/21447314250",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/21467247630"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/159758170/16590241100"
}
2021-08-13 21:06:30,482:DEBUG:acme.client:Storing nonce: 0002ccFVeeIRny-pMdGeT8Qz24ArWES0bDtK0WXLhrP2s74
2021-08-13 21:06:30,483:DEBUG:acme.client:JWS payload:
b''
2021-08-13 21:06:30,485:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/21447314250:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTU5NzU4MTcwIiwgIm5vbmNlIjogIjAwMDJjY0ZWZWVJUm55LXBNZEdlVDhRejI0QXJXRVMwYkR0SzBXWExoclAyczc0IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yMTQ0NzMxNDI1MCJ9",
  "signature": "Zn4Jb7N6FAo7wxUugL5WLK2PRIBjuCyCMfcw5_C-2h3EVczfO51i-wGCyHxBD4cBfCxxZkkfmkczOlYeH04h0nyXFXgkaystvIYjr3uKWIoOXMf5eowMW7xstr8yGceIggxfNGlOy_A4L_RnMW30bm4VRSfhn4uPvkh_iswmoXdwliCaa6kHffCnHhFGO0oNqkK3WJjOKZH6_x-TVo0YQEXyMN5ecMWeRm9Xp_pq_5LZ5KF1k03uC0lMZ-ETM6PDH-MkeQ2r-fYY0I3dnBZ-KNr7_EXToCTeWqccHp7O0rtj9yvWAgQkc397Fb-v8EH-A0hrdczQVPCEabNwYB1f2w",
  "payload": ""
}
2021-08-13 21:06:30,741:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/21447314250 HTTP/1.1" 200 794
2021-08-13 21:06:30,742:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 13 Aug 2021 11:06:30 GMT
Content-Type: application/json
Content-Length: 794
Connection: keep-alive
Boulder-Requester: 159758170
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001NIr7krIzYQ01wc25A6d3i0gGnqbGMZ_wec7t9JGpkxY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "eddienetworks.ddnsfree.com"
  },
  "status": "valid",
  "expires": "2021-09-12T09:21:18Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "valid",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/21447314250/uwKJug",
      "token": "CqY8wVzIxuk01U4K_4zKWbyK00UYUkNNs8K7vC0ZiMc",
      "validationRecord": [
        {
          "url": "http://eddienetworks.ddnsfree.com/.well-known/acme-challenge/CqY8wVzIxuk01U4K_4zKWbyK00UYUkNNs8K7vC0ZiMc",
          "hostname": "eddienetworks.ddnsfree.com",
          "port": "80",
          "addressesResolved": [
            "101.112.14.189"
          ],
          "addressUsed": "101.112.14.189"
        }
      ],
      "validated": "2021-08-13T09:21:17Z"
    }
  ]
}
2021-08-13 21:06:30,742:DEBUG:acme.client:Storing nonce: 0001NIr7krIzYQ01wc25A6d3i0gGnqbGMZ_wec7t9JGpkxY
2021-08-13 21:06:30,743:DEBUG:acme.client:JWS payload:
b''
2021-08-13 21:06:30,745:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/21467247630:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTU5NzU4MTcwIiwgIm5vbmNlIjogIjAwMDFOSXI3a3JJellRMDF3YzI1QTZkM2kwZ0ducWJHTVpfd2VjN3Q5Skdwa3hZIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yMTQ2NzI0NzYzMCJ9",
  "signature": "SCdWXSvDoGIBZI1W66sVHi7Uq1vzheiWywhZtRkpF5Pslzh7PcS9gfxjJ7cBbNMvlBgukrAI6r0bSG7t-jFc4lct5KrEE9WvW8RngiDdwtt4pzjbx8U6mBAxvL5TAnlkIGKxk_Mtro78mBMklELPMGyBXPkH_1WIGOr2U2ePW4E_V1incONfIvwW7bRc70J6l977R6luzkHiMDBMZXec78qi5eV7nsaUetlNE9OKot97q3-lSeUi36FtY7Ki1TsNOqOSpvwCkxaRufr9C2CKIPfcaAT_ruDFYAieihgQKeFpARR6i9YaxJ4_L__OouSfkdjfKXmGbFawfJ0xDlX72g",
  "payload": ""
}
2021-08-13 21:06:30,986:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/21467247630 HTTP/1.1" 200 398
2021-08-13 21:06:30,987:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 13 Aug 2021 11:06:30 GMT
Content-Type: application/json
Content-Length: 398
Connection: keep-alive
Boulder-Requester: 159758170
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0002qTSicEHCCEV6wgo5DHf2peg6MsUJHvUI6I3OrOQarPk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "eddienetwoks.ddnsfree.com"
  },
  "status": "pending",
  "expires": "2021-08-20T11:06:30Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/21467247630/l2czOQ",
      "token": "ant27pT9Vjndw0aRvxLs--6DwW-j_agwmmAH1nMeWXY"
    }
  ],
  "wildcard": true
}
2021-08-13 21:06:30,987:DEBUG:acme.client:Storing nonce: 0002qTSicEHCCEV6wgo5DHf2peg6MsUJHvUI6I3OrOQarPk
2021-08-13 21:06:30,988:INFO:certbot._internal.auth_handler:Performing the following challenges:
2021-08-13 21:06:30,988:INFO:certbot._internal.auth_handler:dns-01 challenge for eddienetwoks.ddnsfree.com
2021-08-13 21:06:30,989:DEBUG:certbot.display.util:Notifying user: Please deploy a DNS TXT record under the name:

_acme-challenge.eddienetwoks.ddnsfree.com.

with the following value:

RcueeOD3ie3HkUyDW0w1gTy2_TqmtEnZ7VgVU0_aiXw

Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.eddienetwoks.ddnsfree.com.
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.

2021-08-13 21:12:09,888:DEBUG:acme.client:JWS payload:
b'{}'
2021-08-13 21:12:09,890:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/21467247630/l2czOQ:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTU5NzU4MTcwIiwgIm5vbmNlIjogIjAwMDJxVFNpY0VIQ0NFVjZ3Z281REhmMnBlZzZNc1VKSHZVSTZJM09yT1FhclBrIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8yMTQ2NzI0NzYzMC9sMmN6T1EifQ",
  "signature": "hl5iuxj4JeH5J8-JaPQa_AvDb1MZ78COXKp2BC6nku6JV5KNCYfK3XXBrSWpr5Qnja1UkNQN4NNeQarBVFKgX1lhmI2TbvtD-gq1ykSH4ncCe5__8rH90vUZrG6w5SVGwn5EyX0HvsmhyxLgFd75F1VtrlCKbTENUQdRfy2KVUACE3KKiAP7Gofmaa9ZL9EQz7NKKQ6-RlOyLh7xqAhkAReV-EwThmvCWrUZim5-M8nXeUhF5yk-SFYWF1aHsBbSNvoymUB_LnkKEgunFEji-gMD03_JJDFvTkp8Xvh7WOWyxkodC8wolctQOp03chB7yxCKfbetJi6XROkwbVlj0g",
  "payload": "e30"
}
2021-08-13 21:12:09,892:DEBUG:urllib3.connectionpool:Resetting dropped connection: acme-v02.api.letsencrypt.org
2021-08-13 21:12:13,050:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/21467247630/l2czOQ HTTP/1.1" 400 173
2021-08-13 21:12:13,051:DEBUG:acme.client:Received response:
HTTP 400
Server: nginx
Date: Fri, 13 Aug 2021 11:12:12 GMT
Content-Type: application/problem+json
Content-Length: 173
Connection: keep-alive
Boulder-Requester: 159758170
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0102W1rjrJfvHGSDdmOFMcuqaV4J5OdI9YyN1Mix5c1gzgc

{
  "type": "urn:ietf:params:acme:error:badNonce",
  "detail": "JWS has an invalid anti-replay nonce: \"0002qTSicEHCCEV6wgo5DHf2peg6MsUJHvUI6I3OrOQarPk\"",
  "status": 400
}
2021-08-13 21:12:13,051:DEBUG:acme.client:Retrying request after error:
urn:ietf:params:acme:error:badNonce :: The client sent an unacceptable anti-replay nonce :: JWS has an invalid anti-replay nonce: "0002qTSicEHCCEV6wgo5DHf2peg6MsUJHvUI6I3OrOQarPk"
2021-08-13 21:12:13,052:DEBUG:acme.client:Requesting fresh nonce
2021-08-13 21:12:13,052:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-08-13 21:12:13,251:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-08-13 21:12:13,252:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 13 Aug 2021 11:12:13 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0102HFAceYA8sANo4Lw4dmNEBYZl4z6YmdLzs_7fnJ0RCXI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2021-08-13 21:12:13,252:DEBUG:acme.client:Storing nonce: 0102HFAceYA8sANo4Lw4dmNEBYZl4z6YmdLzs_7fnJ0RCXI
2021-08-13 21:12:13,252:DEBUG:acme.client:JWS payload:
b'{}'
2021-08-13 21:12:13,254:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/21467247630/l2czOQ:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTU5NzU4MTcwIiwgIm5vbmNlIjogIjAxMDJIRkFjZVlBOHNBTm80THc0ZG1ORUJZWmw0ejZZbWRMenNfN2ZuSjBSQ1hJIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8yMTQ2NzI0NzYzMC9sMmN6T1EifQ",
  "signature": "PiWyMKqQiWC0sl0drwvcTUGLuVPXyRMhTzO7pg2fafTX7rwKAHoC_25AIMBVQI1iU-VNu1_9Q1RZPTkqMz9dkCqs-q1RFKREk5kwg2-wwqc7SkNsqGGG1aoQy1cLa3yyDvWPuXS8XjJGieiQHF1ZUE7HmvE72-jU0Vb11sZIjWEn28vBQOqiXDAs74DWykvWXNQYikA0jNdGKqCAaittXePgdmK_Tb8pWpHfEWMF9DfnlRsiwrySKtiUhvYjgIhtl33ifAOmygbA8pBJYgGeuXxveRL53IZY7a2IZQSS2zBMUV_2zhl1nuLjgdFnUof4pSc2Th6Pjmx8vy0gg4yQKA",
  "payload": "e30"
}
2021-08-13 21:12:13,523:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/21467247630/l2czOQ HTTP/1.1" 200 185
2021-08-13 21:12:13,524:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 13 Aug 2021 11:12:13 GMT
Content-Type: application/json
Content-Length: 185
Connection: keep-alive
Boulder-Requester: 159758170
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/21467247630>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/21467247630/l2czOQ
Replay-Nonce: 010239NeCn3PejMRJeyT0nvdJgUuOQhux6QbC_-HewIPq-I
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "dns-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/21467247630/l2czOQ",
  "token": "ant27pT9Vjndw0aRvxLs--6DwW-j_agwmmAH1nMeWXY"
}
2021-08-13 21:12:13,524:DEBUG:acme.client:Storing nonce: 010239NeCn3PejMRJeyT0nvdJgUuOQhux6QbC_-HewIPq-I
2021-08-13 21:12:13,525:INFO:certbot._internal.auth_handler:Waiting for verification...
2021-08-13 21:12:14,526:DEBUG:acme.client:JWS payload:
b''
2021-08-13 21:12:14,528:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/21447314250:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTU5NzU4MTcwIiwgIm5vbmNlIjogIjAxMDIzOU5lQ24zUGVqTVJKZXlUMG52ZEpnVXVPUWh1eDZRYkNfLUhld0lQcS1JIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yMTQ0NzMxNDI1MCJ9",
  "signature": "WaJHQBf5vHIObMGe43-7zt80S5rv11Z_0VdCGPxbVOiEC8R98I3t7g_1qqTJmtzN9Pz-tIlvnoMBOl_xkPVW-IxsbE_c5igKkvQ-kSkQuVCSOJymJSSOsz77at-PoiXXDiNCG-_H8LuhoOz8HW7t0TdcQzOeAFrcs0r84Odntgbk4lG2F5xtibe6_luOCtalF9HO544u5Nb5BhsalbZ_AXN-CS3zgSAMFDkSy5xcU7pgYYFfcEj2MH3uYSA7NhN7sWmwVUt1e3B4X1MDmYqBYW3ciWEm_T0Ws033j6TLNT72S-DN1YOhP0k9UiT73Sep7Kg4ECx52dZxyDNu1hwDgQ",
  "payload": ""
}
2021-08-13 21:12:14,763:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/21447314250 HTTP/1.1" 200 794
2021-08-13 21:12:14,764:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 13 Aug 2021 11:12:14 GMT
Content-Type: application/json
Content-Length: 794
Connection: keep-alive
Boulder-Requester: 159758170
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 01026K-K6QJVynb-z5a1X4luGvb4uhRE281HRNPyzoOo9vs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "eddienetworks.ddnsfree.com"
  },
  "status": "valid",
  "expires": "2021-09-12T09:21:18Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "valid",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/21447314250/uwKJug",
      "token": "CqY8wVzIxuk01U4K_4zKWbyK00UYUkNNs8K7vC0ZiMc",
      "validationRecord": [
        {
          "url": "http://eddienetworks.ddnsfree.com/.well-known/acme-challenge/CqY8wVzIxuk01U4K_4zKWbyK00UYUkNNs8K7vC0ZiMc",
          "hostname": "eddienetworks.ddnsfree.com",
          "port": "80",
          "addressesResolved": [
            "101.112.14.189"
          ],
          "addressUsed": "101.112.14.189"
        }
      ],
      "validated": "2021-08-13T09:21:17Z"
    }
  ]
}
2021-08-13 21:12:14,764:DEBUG:acme.client:Storing nonce: 01026K-K6QJVynb-z5a1X4luGvb4uhRE281HRNPyzoOo9vs
2021-08-13 21:12:14,765:DEBUG:acme.client:JWS payload:
b''
2021-08-13 21:12:14,767:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/21467247630:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTU5NzU4MTcwIiwgIm5vbmNlIjogIjAxMDI2Sy1LNlFKVnluYi16NWExWDRsdUd2YjR1aFJFMjgxSFJOUHl6b09vOXZzIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yMTQ2NzI0NzYzMCJ9",
  "signature": "OpT5BkB0YI_K9a4hXzJYiRCP56GNVkMv-9M7oocGw0rf4BZXq-cLN3rPr9mzR_2RbuHKBcTLafwpMhM_uqpMK-dahMZLaLIKAM3omJnSogNmaHwCmE6e49HTlLbCJUL_BrE67lY8qdTNWs80pL4KUK7kM4SisXlO9ZhiRlD-epBwIzdzJ-9q62wRH_8KYeTiEw3i6hgWbo028bzW_fsBNFcvDuniz1u5xlCkqVXb3jQP-V3geTD8cv89DESsmQWPoUOwM7bBhNv8cX5ZVopKkgSR0aJqU-kenPu67DeUUKmzhoTXdDzVqVaKoG3eOajv4yg_eDf_Z-0RFaKsxVhssg",
  "payload": ""
}
2021-08-13 21:12:15,030:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/21467247630 HTTP/1.1" 200 692
2021-08-13 21:12:15,031:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 13 Aug 2021 11:12:14 GMT
Content-Type: application/json
Content-Length: 692
Connection: keep-alive
Boulder-Requester: 159758170
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0101v-adLVwyUdd9LAqXl1z77L-M4JbVY57gBO0iBn0oNb8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "eddienetwoks.ddnsfree.com"
  },
  "status": "invalid",
  "expires": "2021-08-20T11:06:30Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:dns",
        "detail": "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.eddienetwoks.ddnsfree.com - check that a DNS record exists for this domain",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/21467247630/l2czOQ",
      "token": "ant27pT9Vjndw0aRvxLs--6DwW-j_agwmmAH1nMeWXY",
      "validated": "2021-08-13T11:12:13Z"
    }
  ],
  "wildcard": true
}
2021-08-13 21:12:15,031:DEBUG:acme.client:Storing nonce: 0101v-adLVwyUdd9LAqXl1z77L-M4JbVY57gBO0iBn0oNb8
2021-08-13 21:12:15,031:INFO:certbot._internal.auth_handler:Challenge failed for domain eddienetwoks.ddnsfree.com
2021-08-13 21:12:15,032:INFO:certbot._internal.auth_handler:dns-01 challenge for eddienetwoks.ddnsfree.com
2021-08-13 21:12:15,032:DEBUG:certbot.display.util:Notifying user: 
Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
  Domain: eddienetwoks.ddnsfree.com
  Type:   dns
  Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.eddienetwoks.ddnsfree.com - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to verify the manually created DNS TXT records. Ensure that you created these in the correct location, or try waiting longer for DNS propagation on the next attempt.

2021-08-13 21:12:15,033:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 93, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 181, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2021-08-13 21:12:15,033:DEBUG:certbot._internal.error_handler:Calling registered functions
2021-08-13 21:12:15,034:INFO:certbot._internal.auth_handler:Cleaning up challenges
2021-08-13 21:12:15,034:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 33, in <module>
    sys.exit(load_entry_point('certbot==1.16.0', 'console_scripts', 'certbot')())
  File "/usr/lib/python3.9/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1552, in main
    return config.func(config, plugins)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1414, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 117, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/renewal.py", line 333, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/client.py", line 375, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/client.py", line 425, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 93, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 181, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2021-08-13 21:12:15,036:ERROR:certbot._internal.log:Some challenges have failed.

Note: I had this domain in another server and want to move to this one. I revoked and deleted the certificates and keys in that one.

Thanks,


Hi @eddie, and welcome to the LE community forum :slight_smile:

I see you are using --manual authentication to obtain a wildcard cert.
Have you done it this way before, or is this the first time doing it this way?

Please only use revoke when the private keys have been compromised or have been exposed to compromise. Using revoke consumes valuable resources that don't seem to have been needed in this case.

Please show the current Internet IP(s) for the system with:
curl -4 ifconfig.co
curl -6 ifconfig.co


Hi,

This is the first time I ran that command in that machine (reverse proxy). I had done it previously in the machine that was hosting my website. They are under the same network, though.

Here are the outputs of the commands you asked me:

-> curl -4 ifconfig.co                                                                                                    
101.112.14.189

-> curl -6 ifconfig.co                                                                                                    
2405:6e00:ee0:a901:d457:16ff:fefd:e38d

Thanks


OK, --manual authentication is very manual (zero automation).
And wildcard certs require DNS TXT records to be added when prompted to do so.
The linked video doesn't seem to cover either of those.
So, can you give more detail about the failed process?
How are you entering the required TXT records?
Did you wait long enough for those entries to synchronize to all the DNS zone servers?


Well, I just followed the video. So I first generated the SSL certificate for the domain without the * (certbot --nginx). Second, I ran the command:
```
certbot certonly --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory -d '*.eddienetwoks.ddnsfree.com' -d eddienetworks.ddnsfree.com -v
```
And from there I chose the Expand option, which gave a string. From there I went to Dynu.com and edited (I also deleted and recreated) the _acme-challenge record, pasting the string there. Then I checked if the new string was updated with the new one with:

dig -t TXT _acme-challenge.eddienetworks.ddnsfree.com

After the record was updated (sometimes even 30 min after that), I finished the process with the error result.

I just wonder what could be the problem, because I followed the tutorial in the server where the files are (Ubuntu, Apache) with success and now I am getting this error in the proxy (Alpine, Nginx).


Btw,

I am in the middle of the process of doing it again.

Please deploy a DNS TXT record under the name:

_acme-challenge.eddienetwoks.ddnsfree.com.

with the following value:

bkhkOHLzhkK2swYrVFJXbzuq0NHHTc6FLs

Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.eddienetwoks.ddnsfree.com.
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.
;; ANSWER SECTION:
_acme-challenge.eddienetworks.ddnsfree.com. 120 IN TXT "bkhkOHLzhkK2swYrVFJXbzuq0NHHTc6FLs"

It is 7:17PM. I will edit this post when I finish the command


I think I see a TYPO:


Shame on me! Restarting the process. I already got the new text record. I'll wait 30min


No need to wait 30 minutes.
You only need to wait until the authoritative DNS servers have synchronized.
Check them with dig or nslookup.
dig -t TXT _acme-challenge.eddienetworks.ddnsfree.com. @ns0.dynu.com.
dig -t TXT _acme-challenge.eddienetworks.ddnsfree.com. @ns1.dynu.com.
dig -t TXT _acme-challenge.eddienetworks.ddnsfree.com. @ns2.dynu.com.
dig -t TXT _acme-challenge.eddienetworks.ddnsfree.com. @ns3.dynu.com.
dig -t TXT _acme-challenge.eddienetworks.ddnsfree.com. @ns5.dynu.com.
dig -t TXT _acme-challenge.eddienetworks.ddnsfree.com. @ns6.dynu.com.

nslookup -q=txt _acme-challenge.eddienetworks.ddnsfree.com. ns0.dynu.com.
nslookup -q=txt _acme-challenge.eddienetworks.ddnsfree.com. ns1.dynu.com.
nslookup -q=txt _acme-challenge.eddienetworks.ddnsfree.com. ns2.dynu.com.
nslookup -q=txt _acme-challenge.eddienetworks.ddnsfree.com. ns3.dynu.com.
nslookup -q=txt _acme-challenge.eddienetworks.ddnsfree.com. ns5.dynu.com.
nslookup -q=txt _acme-challenge.eddienetworks.ddnsfree.com. ns6.dynu.com.

[note: NS4 not seen in active list]


Done. Such a shame.

The fact that I use zsh and it auto-fills the field made me overlook the typo.

Thank you very much @rg305

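An added example, not part of any post in this thread and not certbot's own code: a preflight check that reads the `Arguments:` line from the certbot debug log above, flags requested names that differ by only a character or two, and reports any `_acme-challenge` name the CA will query that was never looked up with dig. The function names and the edit-distance threshold of 2 are assumptions made for this sketch; the threshold is a heuristic and will also flag intentionally similar names.

```python
import ast
import re
from itertools import combinations

# Constructed input: the "Arguments:" line copied from the certbot debug log
# in this thread, plus the name that was checked with dig.
LOG_LINE = (
    "2021-08-13 21:06:23,181:DEBUG:certbot._internal.main:Arguments: "
    "['--manual', '--preferred-challenges', 'dns', '--server', "
    "'https://acme-v02.api.letsencrypt.org/directory', "
    "'-d', '*.eddienetwoks.ddnsfree.com', '-d', 'eddienetworks.ddnsfree.com', '-v']"
)
DIG_NAME = "_acme-challenge.eddienetworks.ddnsfree.com."


def requested_domains(log_line):
    """Return the -d values from a certbot 'Arguments: [...]' log line."""
    match = re.search(r"Arguments: (\[.*\])\s*$", log_line)
    if not match:
        raise ValueError("no certbot Arguments list in line")
    args = ast.literal_eval(match.group(1))
    domains = []
    for i, arg in enumerate(args):
        if arg in ("-d", "--domains", "--domain") and i + 1 < len(args):
            # certbot accepts comma-separated names after a single -d
            domains.extend(p.strip() for p in args[i + 1].split(",") if p.strip())
    return domains


def base_name(identifier):
    """Normalise an identifier: lower-case, no trailing dot, no '*.' label."""
    name = identifier.strip().lower().rstrip(".")
    return name[2:] if name.startswith("*.") else name


def challenge_name(identifier):
    """DNS name where the dns-01 TXT record for this identifier is looked up."""
    return "_acme-challenge." + base_name(identifier)


def edit_distance(a, b):
    """Levenshtein distance, computed with two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def suspect_pairs(domains, max_distance=2):
    """Pairs of distinct base names close enough to be a typo of each other."""
    # '*.example.com' and 'example.com' share a base name, so they collapse
    # into one entry and are never reported against each other.
    bases = sorted({base_name(d) for d in domains})
    hits = []
    for a, b in combinations(bases, 2):
        dist = edit_distance(a, b)
        if dist <= max_distance:
            hits.append((a, b, dist))
    return hits


def unverified_challenges(domains, checked_names):
    """Challenge names the CA will query that were never looked up."""
    checked = {n.strip().lower().rstrip(".") for n in checked_names}
    return sorted({challenge_name(d) for d in domains} - checked)


if __name__ == "__main__":
    doms = requested_domains(LOG_LINE)
    for a, b, dist in suspect_pairs(doms):
        print(f"possible typo: {a!r} vs {b!r} (edit distance {dist})")
    for name in unverified_challenges(doms, [DIG_NAME]):
        print(f"not verified with dig: {name}")
```
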

Glad you got your cert @eddie :slight_smile:
Cheers from Miami :beers:

#FreeCuba
