I've followed this toturial (https://community.hetzner.com/tutorials/server-monitoring-using-grafana-and-influxdb), to set up influxdb and grafana on my server. However, I am not sure what the _acme-challenge files need to hold. I have generated a personal DNS token from Hetzner, put it in the _acme-challenge but no luck (see below). When this token is put in, I also get incorrect TXT record.
I have also added the hetzner nameservers in the _acme-challenge files, but this also does not work. I am just trying, but perhaps someone can help me out here. Much appreciated.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: grafana.sonnem.nl
Type: unauthorized
Detail: Incorrect TXT record "helium.ns.hetzner.de." found at
_acme-challenge.grafana.sonnem.nl
Domain: influx.sonnem.nl
Type: unauthorized
Detail: Incorrect TXT record "helium.ns.hetzner.de." found at
_acme-challenge.influx.sonnem.nl
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version):
NGINX
The operating system my web server runs on is (include version):
Ubuntu 20.0.8
My hosting provider, if applicable, is:
Namecheap as hosting provider, server is from Hetzner. Advanced DNS as follows:
A Record
@
116.203.157.240
A Record
grafana
116.203.157.240
A Record
influx
116.203.157.240
TXT Record
_acme-challenge.grafana
helium.ns.hetzner.de.
Remove
TXT Record
_acme-challenge.influx
helium.ns.hetzner.de.
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.40.0
Also, could you perhaps clarify the following bit?
What exact role does Namecheap have? You say "hosting provider", which usually means the company providing either the shared hosting platform or the VPS server. But you also say the server is from Hetzner? Which one does what exactly? Especially, who's the DNS service provider?
Edit: Dug a little bit further and it seems your DNS service provider is Namecheap. Well, you obviously can't change Namecheap settings using a Hetzner token.. Also, looking at the current TXT record value, it seems you might have tried to "redirect" the TXT resource record to the "helium" nameserver of Hetzner? Not in a correct way by the way, but that doesn't matter, because if I request anything regarding your domain from helium.ns.hetzner.de, the server returns a "REFUSED" status. Which makes sense if Hetzner is just providing your the hosting server, but not the DNS service.
Another note: do you actually require the dns-01 challenge? Why not simply use the http-01 challenge for those two hostnames? That would make your life MUCH easier..
Thanks for your quick reply. Yes, my DNS service provider is namecheap. I would prefer the road of least resistance, if you have any better suggestions; please let me know. I do not require the dns-01 challenge, if the other what you said is simpler; I would do that. I am however, not familiar with a lot of this.
The tutorial you've followed makes it a little bit harder to "walk the easy path", as it seems it has nginx configured already, but with non-existing certificate/private key values. Making nginx actually fail to start. My suggestion is to modify part 5, "Step 5 - Install Nginx" of the tutorial as follows:
don't set up the proxy_pass redirects yet;
just make two server {} blocks using HTTP on port 80 first
these server blocks just need a listen and server_name directive, nothing more
get the certificate using sudo certbot --nginx
Certbot should have generated two HTTPS server blocks from the stubs you made above
And a redirect for HTTP to HTTPS
now you can modify the now HTTPS stubs to incorporate the location/proxy_pass stuff
Now, I don't have much nginx experience and perhaps the stubs require a little bit more than just listen/server_name, but I'd try the above first if I were you
