SSL Cert Renewal Error "Incorrect TXT Record" PLEASE HELP

I don’t think I understand what you mean? “That is the text that is online”?

Where did you put the TXT record?

That’s

pnuTDyCWTcFcx96YybX1iHdqWJKdqwcHA5vRtobPz9g

the value that is visible. Is this your last value? Looks like you use the wrong place to create / change that TXT entry.

I created / changed the TXT entry in DNS Manager(Windows). Other New Record > Create TXT > Create Record > Record Name= _acme-challenge.summitstonehealth.org > Text= “Key generated from Free SSL Certificate Wizard”

Does that make sense? You know far more about this than I do.

Thank you

You see:

12. TXT - Entries

Domainname TXT Entry Status ∑ Queries ∑ Timeout
summitstonehealth.org v=spf1 include:spf.protection.outlook.com -all ok 1 0
summitstonehealth.org MS=ms16979106 ok 1 0
summitstonehealth.org MS=ms53176966 ok 1 0
www.summitstonehealth.org MS=ms53176966 ok 1 0
www.summitstonehealth.org MS=ms16979106 ok 1 0
www.summitstonehealth.org v=spf1 include:spf.protection.outlook.com -all ok 1 0
_acme-challenge.summitstonehealth.org pnuTDyCWTcFcx96YybX1iHdqWJKdqwcHA5vRtobPz9g looks good 1 0
_acme-challenge.www.summitstonehealth.org TW3FBpEyjSuEJBYhh5Kiad4P_LfhEpBgMkbMqA8Fzrg looks good 1 0

Nothing has changed.

That's not your public name server. You have to check your domain registration menu - ns1.greenhostco.net.

PS: And in your menu, you must see all these entries. If not, you use the wrong place.

All I’m trying to do i verify ownership of the domain before I receive a Cert. Why am I getting the error “Incorrect TXT record “pnuTDyCWTcFcx96YybX1iHdqWJKdqwcHA5vRtobPz9g” found at _acme-challenge.summitstonehealth.org” ?

Hi @Brain0030,

Are you aware that the value you have to post is different every time? So if you started the process at one point and were told to post this value, but then started over again later on, you would be given a new value which you’d have to post instead of the original one. For example, perhaps pnuTDyCWTcFcx96YybX1iHdqWJKdqwcHA5vRtobPz9g pertains to a different certificate request than your most recent request.

You are doing something completely wrong. Please share a screenshot.

Your "DNS Active Directory" may be only a local DNS. But not the public DNS of your domain.

I entered this value > 74fqi5H-aznjXJa_IVp3OkjA8760L90FV_1pfh3hD6E (waited 12 hours) and it returned an error for this value > “Incorrect TXT record “pnuTDyCWTcFcx96YybX1iHdqWJKdqwcHA5vRtobPz9g” found at _acme-challenge.summitstonehealth.org”

Is this the menu of your hoster - ns1.greenhostco.net?

I don’t think.

Looks like a private Windows configuration, not relevant.

Wrong place ->doesn’t work.

Ok, thank you.

The expired domain comes back as
*.summitstonehealth.org

How would I find where to renew the cert?
I don't know what ns1.greenhostco.net is

That's your name server, there you have to create the TXT record.

Why is the domain expired? The domain must be active, you must be the domain owner. And you have to proof that.

It’s not expired yet, but will be in 20 days. Just received a notice.

Alsop, I don’t have a server named ns1.greenhostco.net in my environment.

Are you referring to a a hosting company?

A post was split to a new topic: Expired certificate problem

That may be your hoster or your separate domain provider.

Where did you buy your domain?

@JuergenAuer @schoen Looks like @Brain0030 got it up and running.

Rip

There is an older certificate

CN=summitstonehealth.org
	12.06.2019
	10.09.2019
expires in 62 days	ipv6.summitstonehealth.org, 
mail.summitstonehealth.org, 
summitstonehealth.org, www.summitstonehealth.org - 4 entries

But there

Issuer not before not after Domain names LE-Duplicate next LE
Let's Encrypt Authority X3 2019-07-10 2019-10-08 *.summitstonehealth.org - 1 entries duplicate nr. 1
Let's Encrypt Authority X3 2019-06-12 2019-09-10 ipv6.summitstonehealth.org, mail.summitstonehealth.org, summitstonehealth.org, www.summitstonehealth.org - 4 entries

is a new wildcard certificate.

@Brain0030

That looks good, now you have found the correct place.

And the TXT entry is new ( https://check-your-website.server-daten.de/?q=summitstonehealth.org#txt ):

12. TXT - Entries

Domainname TXT Entry Status ∑ Queries ∑ Timeout
summitstonehealth.org MS=ms16979106 ok 1 0
summitstonehealth.org v=spf1 include:spf.protection.outlook.com -all ok 1 0
summitstonehealth.org MS=ms53176966 ok 1 0
www.summitstonehealth.org MS=ms53176966 ok 1 0
www.summitstonehealth.org v=spf1 include:spf.protection.outlook.com -all ok 1 0
www.summitstonehealth.org MS=ms16979106 ok 1 0
_acme-challenge.summitstonehealth.org Mnue32k9JhK7RKWWQ0TqQiHYdz69aX3V0c4XjmLSrBI looks good 1 0
_acme-challenge.www.summitstonehealth.org TW3FBpEyjSuEJBYhh5Kiad4P_LfhEpBgMkbMqA8Fzrg looks good

But one thing isn't good:

You have created a certificate with *.summitstonehealth.org. But you should create a certificate with both domain names *.summitstonehealth.org summitstonehealth.org. So you can use the certificate with the main domain.

And you should fix your wrong ipv6 configuration.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.