SSL Cert Renewal Error "Incorrect TXT Record" PLEASE HELP

I entered the TXT record I received from Free SSL Certificate into the DNS Active Directory. I waited 20 minutes for propagation and clicked next on the Free SSL Certificate to verify ownership. I receive an error "Incorrect TXT record “pnuTFTCWTcFcx961ybX1iHdq6JKdqwc124vRtobPz9g” found at _acme-challenge.summitstonehealth.org".

Here’s something that is curious: no matter which RSA Key the Free SSL Cert provides me and I enter in the TXT record, I still get the same error return of "Incorrect TXT record “pnuTFTCWTcFcx961ybX1iHdq6JKdqwc124vRtobPz9g” found at _acme-challenge.summitstonehealth.org".

Hi @Brain0030

that’s the TXT that is online ( https://check-your-website.server-daten.de/?q=summitstonehealth.org#txt ):

12. TXT - Entries

| Domainname | TXT Entry | Status | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|
| summitstonehealth.org | v=spf1 include:spf.protection.outlook.com -all | ok | 1 | 0 |
| summitstonehealth.org | MS=ms53176966 | ok | 1 | 0 |
| summitstonehealth.org | MS=ms16979106 | ok | 1 | 0 |
| www.summitstonehealth.org | MS=ms53176966 | ok | 1 | 0 |
| www.summitstonehealth.org | MS=ms16979106 | ok | 1 | 0 |
| www.summitstonehealth.org | v=spf1 include:spf.protection.outlook.com -all | ok | 1 | 0 |
| _acme-challenge.summitstonehealth.org | pnuTDyCWTcFcx96YybX1iHdqWJKdqwcHA5vRtobPz9g | looks good | 1 | 0 |
| _acme-challenge.www.summitstonehealth.org | TW3FBpEyjSuEJBYhh5Kiad4P_LfhEpBgMkbMqA8Fzrg | looks good | 1 | 0 |

Your name server is ns1.greenhostco.net. Did you use this nameserver?

You have a lot of certificates:

Last is from 2019-06-12. So I don’t understand why you create a new certificate.

And your configuration has a great bug. You have an ipv6 address:

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| summitstonehealth.org | A | 173.233.68.171 Latham/New York/United States (US) - Turnkey Internet Inc. Hostname: 173-233-68-171.static.as40244.net | yes | 2 | 0 |
| | AAAA | 2604:7c00:18:12::1de Traverse City/Michigan/United States (US) - Turnkey Internet Inc. | yes | | |

But your ipv6 has a timeout. So if users prefer ipv6, your site doesn’t answer.

That blocks using http-01 validation.

Last: There are open cPanel ports:

summitstonehealth.org 2083 cPanel (SSL) open
summitstonehealth.org 2087 WHM SSL open

Isn’t there an integrated cPanel Letsencrypt solution?

I don’t think I understand what you mean? “That is the text that is online”?

Where did you put the TXT record?

That’s

pnuTDyCWTcFcx96YybX1iHdqWJKdqwcHA5vRtobPz9g

the value that is visible. Is this your last value? Looks like you use the wrong place to create / change that TXT entry.

I created / changed the TXT entry in DNS Manager (Windows). Other New Record > Create TXT > Create Record > Record Name= _acme-challenge.summitstonehealth.org > Text= “Key generated from Free SSL Certificate Wizard”

Does that make sense? You know far more about this than I do.

Thank you

You see:

12. TXT - Entries

| Domainname | TXT Entry | Status | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|
| summitstonehealth.org | v=spf1 include:spf.protection.outlook.com -all | ok | 1 | 0 |
| summitstonehealth.org | MS=ms16979106 | ok | 1 | 0 |
| summitstonehealth.org | MS=ms53176966 | ok | 1 | 0 |
| www.summitstonehealth.org | MS=ms53176966 | ok | 1 | 0 |
| www.summitstonehealth.org | MS=ms16979106 | ok | 1 | 0 |
| www.summitstonehealth.org | v=spf1 include:spf.protection.outlook.com -all | ok | 1 | 0 |
| _acme-challenge.summitstonehealth.org | pnuTDyCWTcFcx96YybX1iHdqWJKdqwcHA5vRtobPz9g | looks good | 1 | 0 |
| _acme-challenge.www.summitstonehealth.org | TW3FBpEyjSuEJBYhh5Kiad4P_LfhEpBgMkbMqA8Fzrg | looks good | 1 | 0 |

Nothing has changed.

That’s not your public name server. You have to check your domain registration menu - ns1.greenhostco.net.

PS: And in your menu, you must see all these entries. If not, you use the wrong place.

All I’m trying to do is verify ownership of the domain before I receive a Cert. Why am I getting the error “Incorrect TXT record “pnuTDyCWTcFcx96YybX1iHdqWJKdqwcHA5vRtobPz9g” found at _acme-challenge.summitstonehealth.org”?

Hi @Brain0030,

Are you aware that the value you have to post is different every time? So if you started the process at one point and were told to post this value, but then started over again later on, you would be given a new value which you’d have to post instead of the original one. For example, perhaps pnuTDyCWTcFcx96YybX1iHdqWJKdqwcHA5vRtobPz9g pertains to a different certificate request than your most recent request.

You are doing something completely wrong. Please share a screenshot.

Your “DNS Active Directory” may be only a local DNS. But not the public DNS of your domain.

I entered this value > 74fqi5H-aznjXJa_IVp3OkjA8760L90FV_1pfh3hD6E (waited 12 hours) and it returned an error for this value > “Incorrect TXT record “pnuTDyCWTcFcx96YybX1iHdqWJKdqwcHA5vRtobPz9g” found at _acme-challenge.summitstonehealth.org”

Is this the menu of your hoster - ns1.greenhostco.net?

I don’t think so.

Looks like a private Windows configuration, not relevant.

Wrong place -> doesn’t work.

Ok, thank you.

The expired domain comes back as
*.summitstonehealth.org

How would I find where to renew the cert?
I don’t know what ns1.greenhostco.net is

That’s your name server, there you have to create the TXT record.

Why is the domain expired? The domain must be active, you must be the domain owner. And you have to prove that.

It’s not expired yet, but will be in 20 days. Just received a notice.

Also, I don’t have a server named ns1.greenhostco.net in my environment.

Are you referring to a hosting company?


That may be your hoster or your separate domain provider.

Where did you buy your domain?

@JuergenAuer @schoen Looks like @Brain0030 got it up and running.

Rip
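
Added example, not part of any post in this thread: a Python sketch of the check the replies describe, comparing the TXT answer held by the internal Windows DNS with the answer from the public name server ns1.greenhostco.net, which is the one the validation reads. The `dig`-style answer text, the TTLs and the result labels are constructed for illustration; the two token values are the ones quoted in the thread.

```python
import re

NAME = "_acme-challenge.summitstonehealth.org"

# Constructed `dig +noall +answer TXT` style output (illustration only).
# INTERNAL_ANSWER: what the internal Windows DNS would return after the edit.
# PUBLIC_ANSWER: what the public name server (ns1.greenhostco.net) returns.
INTERNAL_ANSWER = '''
_acme-challenge.summitstonehealth.org. 3600 IN TXT "74fqi5H-aznjXJa_IVp3OkjA8760L90FV_1pfh3hD6E"
'''
PUBLIC_ANSWER = '''
_acme-challenge.summitstonehealth.org. 300 IN TXT "pnuTDyCWTcFcx96YybX1iHdqWJKdqwcHA5vRtobPz9g"
'''

def txt_values(answer_text, name):
    """Return the TXT values for `name` found in dig-style answer lines."""
    wanted = name.rstrip(".").lower()
    values = []
    for line in answer_text.splitlines():
        fields = line.split(None, 4)  # owner, TTL, class, type, rdata
        if len(fields) < 5 or fields[3].upper() != "TXT":
            continue
        if fields[0].rstrip(".").lower() != wanted:
            continue
        # TXT rdata may be split into several quoted strings; join them.
        values.append("".join(re.findall(r'"((?:[^"\\]|\\.)*)"', fields[4])))
    return values

def diagnose(expected, public_answer, internal_answer, name=NAME):
    """Classify the dns-01 outcome for the value the CA asked for."""
    public = txt_values(public_answer, name)
    internal = txt_values(internal_answer, name)
    if expected in public:
        return "ok"                  # the CA will see the requested value
    if expected in internal:
        return "wrong-zone"          # record exists only where the CA never looks
    if public:
        return "stale-public-value"  # an older challenge value is still published
    return "missing"

if __name__ == "__main__":
    requested = "74fqi5H-aznjXJa_IVp3OkjA8760L90FV_1pfh3hD6E"
    print(diagnose(requested, PUBLIC_ANSWER, INTERNAL_ANSWER))
```

A `wrong-zone` result matches the situation in the thread: the new value exists only in the internal zone, so the public answer never changes no matter how long the wait.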