Hello,
today I wanted to create a certificate for my duckdns.org domain and also a wildcard certificate for all subdomains.
So far everything works fine and I used a script as a manual-auth-hook to add the TXT-record to my domain.
When creating a certificate for just one domain everything is fine but DuckDNS does something weird. It uses the same TX-record for all its subdomains. which means that I would only need to add 1 record but since I have two domains in my command I get two TXT-records that I would need to add?
And somehow that throws everything off.
When I just run the command a few times it actually works but when I try to renew the certs I get to the same problem.
It works after some trys but that's basically luck. And when I automate the renewal I don't want to run the command multiple times until I get the correct return....
My domain is: runnerlights.duckdns.org
I ran this command:
sudo certbot --server https://acme-v02.api.letsencrypt.org/directory -d *.runnerlights.duckdns.org -d runnerlights.duckdns.org --manual --manual-auth-hook /home/homeassistant/Scripts/DuckDNS-TXT/addtxt.sh --preferred-challenges dns-01 certonly
sudo certbot --dry-run renew
It produced this output:
Saving debug log to /var/letsencrypt/log/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for runnerlights.duckdns.org
dns-01 challenge for runnerlights.duckdns.org
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.Are you OK with your IP being logged?
(Y)es/(N)o: y
Output from LetsEncrypt_DuckDNS_update.sh:
OK
QzrWPGpwsyCQgDLwMOZUJxHWETWBCnzIOMZT7GIHTDw
UPDATED
Output from LetsEncrypt_DuckDNS_update.sh:
OK
IIw4pkAc3AO-lCrnvvaWL-kIzKvce_ub7r-L0JgjfNM
UPDATED
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. runnerlights.duckdns.org (dns-01): urn:ietf:params:acme:error:unauthorized :: The client lac ks sufficient authorization :: Incorrect TXT record "IIw4pkAc3AO-lCrnvvaWL-kIzKvce_ub7r-L0JgjfNM" found at _acme-challenge.r unnerlights.duckdns.orgIMPORTANT NOTES:
The following errors were reported by the server:
Domain: runnerlights.duckdns.org
Type: unauthorized
Detail: Incorrect TXT record
"IIw4pkAc3AO-lCrnvvaWL-kIzKvce_ub7r-L0JgjfNM" found at
_acme-challenge.runnerlights.duckdns.orgTo fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version):
A Raspberry Pi
The operating system my web server runs on is (include version):
Raspbian Stretch with Kernel 4.14
My hosting provider, if applicable, is:
the DNS hosting is provoíded by duckdns.org
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No