I ran this command: le64 --key account.key --email "firstname.lastname@example.org" --csr lifesrain.csr --csr-key lifesrain.key --crt lifesrain.crt --generate-missing --domains "*.lifesrain.com" --handle-as dns
It produced this output:
Domain verification results for '*.lifesrain.com': error. During secondary validation: Remote PerformValidation RPC failed
2022/07/12 08:46:22 You can now delete '_acme-challenge.lifesrain.com' DNS record
2022/07/12 08:46:22 All verifications failed
My web server is (include version): Apache 2.4.54
The operating system my web server runs on is (include version): CloudLinux 6.x
My hosting provider, if applicable, is: Namecheap (+10 yrs)
I can login to a root shell on my machine (yes or no, or I don't know): No
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): cPanel 102.0.18
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Crypt::LE client v0.38
I've been performing manual cert generation/installation using the DNS approach (because I couldn't get default http to work) for over a year. Now I'm trying to replace "www.<domain.ext>, <domain.ext>, mail.<domain.ext>" with *.<domain.ext>. I'm getting the result noted above.
The command/output noted above is for a subdomain but I've also tried it with the primary domain and got the identical result. nslookup was used to confirm the DNS TXT record can be found & contains the correct "validation key":
C:\Windows\System32>nslookup -q=TXT _acme-challenge.lifesrain.com
Server: UnKnown
Address: 18.104.22.168

Non-authoritative answer:
_acme-challenge.lifesrain.com text = "9C4n1W4wV42t7uv2JTzX2HIrDr2fnUr9UG9_uG3BRVM"

C:\Windows\System32>
Using the wildcard would cut copy/paste time (and commensurate potential errors due to current manual process) by 2/3. Why does the ownership verification fail when replacing identification of each domain with the wildcard?