SSL Cert Renewal - AWS LightSail

virasim · September 14, 2020, 10:23am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: pizzapalpatha.com

I ran this command: ```
sudo certbot -d $DOMAIN -d $WILDCARD --manual --preferred-challenges dns certonly


It produced this output:Failed authorization procedure. pizzapalpatha.com (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.pizzapalpatha.com - ch
eck that a DNS record exists for this domain

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: pizzapalpatha.com
   Type:   None
   Detail: DNS problem: NXDOMAIN looking up TXT for
   _acme-challenge.pizzapalpatha.com - check that a DNS record exists
   for this domain

My web server is (include version):WordPress

The operating system my web server runs on is (include version):Linux 

My hosting provider, if applicable, is:AWS

I can login to a root shell on my machine (yes or no, or I don't know):I Don't Know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):Yes AWS LightSail

The version of my client is (e.g. output of `certbot --version` or `certbot-auto --version` if you're using Certbot):(0.31.0-1+ubuntu16.04.1+certbot+1)

rg305 · September 14, 2020, 10:27am

Do you understand the DNS authentication process?
Did you create the TXT record as requested?

I see records for: _acme-challenge.pizzapalpatha.com.pizzapalpatha.com

virasim · September 14, 2020, 10:28am

Thank you for your quick response. Yes I did add the TXT record. Note: Im very new to this topic, so bear with me.

rg305 · September 14, 2020, 10:29am

You need to add the record as “_acme-challenge” ONLY
NOT as “_acme-challenge.pizzapalpatha.com”.

You can delete all the records you created.

virasim · September 14, 2020, 10:30am

Oh ok. Let me try now. Thanks

JuergenAuer · September 14, 2020, 10:30am

Hi @virasim

checking your domain there is no TXT record visible - see https://check-your-website.server-daten.de/?q=pizzapalpatha.com#txt

Good news: There is no wrong TXT record visible.

The marked position - there are two entries required.

Share a screenshot or start again, create the required two TXT entries, recheck your domain. Then your entries should be visible.

PS: Curious: Checking your domain manual there are entries.

virasim · September 14, 2020, 10:32am

You mean two TXT records, i.e. 1 with _acme-challenge.pizzapalpatha.com and next _acme-challenge ?

virasim · September 14, 2020, 10:39am

I tried the above, but I received the same error.

rg305 · September 14, 2020, 11:41am

In your DNS control page DON'T add the domain to the record.
It puts the entire name you enter to the left of ".pizzapalpatha.com"
So if you add a record for "_acme-challenge.pizzapalpatha.com" it will create a record as:
_acme-challenge.pizzapalpatha.com.pizzapalpatha.com
Simpler: If you create WWW, then it creates:
WWW.pizzapalpatha.com
You don't have to say the domain at the domain page.

rg305 · September 14, 2020, 11:43am

As far as the TWO records, yes, you will need two records but they will both have the same name.
Merely two different contents (for the same record).

JuergenAuer · September 14, 2020, 4:07pm

2 posts were split to a new topic: Site is not fully secure

system · October 14, 2020, 4:07pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.