My domain is: avisbude.info
I ran this command in a script :
certbot certonly
–manual
–non-interactive
–manual-public-ip-logging-ok
–preferred-challenges dns
–server https://acme-v02.api.letsencrypt.org/directory
–manual-auth-hook ./authenticator.sh
–manual-cleanup-hook ./cleanup.sh
–cert-name {1} \
--domains {1},*.${1}
It produced this output:
#=> ./new ‘avisbude.info’
Saving debug log to /macports/var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for avisbude.info
dns-01 challenge for avisbude.info
Running manual-auth-hook command: ./authenticator.sh
manual-auth-hook command “./authenticator.sh” returned error code -4
Running manual-auth-hook command: ./authenticator.sh
Output from manual-auth-hook command authenticator.sh:
258723
Waiting for verification…
Challenge failed for domain avisbude.info
dns-01 challenge for avisbude.info
Cleaning up challenges
Running manual-cleanup-hook command: ./cleanup.sh
Running manual-cleanup-hook command: ./cleanup.sh
manual-cleanup-hook command “./cleanup.sh” returned error code -4
Some challenges have failed.
IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain: avisbude.info
Type: unauthorized
Detail: Incorrect TXT record
“Nq-7S4ic5llY4v6UTPd-AH55pGcEDUwJB_8xdnfv4YQ” found at
_acme-challenge.avisbude.infoTo fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
root@0125000629 10:05:09 /Volumes/Bjarne/Sites/bin/letsencrypt
#=>
My web server is (include version): n/a
The operating system my web server runs on is (include version): MacOS 10.6 w/ MacPorts
My hosting provider, if applicable, is: n/a
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.35.1
What’ wondering me is :
- why does certbot try twice ; the reason seems to be that I’ve specified 2 domains ; but if I’ve understood things correctly, only one cert / try ought to be created. If I only specify one domain, only one dns try i generated.
- why does my authtenticator.sh script fail on the 1st try with error -4 ; sometimes only the 1st try fails ; sometimes both tries fails.
- what is error -4
My authenticator.sh and cleanup.sh script execute perfectly from the command line ; and as you can see, they did complete correctly for the 2nd dns try. And when I use them in a renew script, there’s no problems at all.
The reason the whole process fails, is, that the 1st try seems to get the auth value from the 2nd try when accessing the TXT record.
