SSL certificate renewal

Hi, I have a Lightsail instance and I am trying to renew my SSL certificate, but I am not able to do so.
My domain is phimed.org and DNS is hosted on Route53.

On running the command it gives me a challenge value to enter in a TXT record, but authentication is not going through.
Command: sudo certbot certonly --manual -d 'phimed.org' -d '*.phimed.org'

After updating the TXT records I get the following on authorization:

Failed authorization procedure. phimed.org (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.phimed.org

Hi @mrjunaidali

there are some checks of your domain - https://check-your-website.server-daten.de/?q=phimed.org

No TXT entry is visible, neither a correct one nor a wrong one.

Compare it with

Two of these entries with the same domain name are required if you want to create such a certificate with a wildcard and the main domain.

ns-cloud-e1.googledomains.com is your name server. There you have to add the entries.

Perhaps create such an entry manually (without starting certbot), then recheck the domain to see if the entry is visible.

1 Like

It looks like you managed to get your first cert almost 3 months ago and this is your first renewal.
Perhaps you did not write down exactly all the steps taken to get the original cert.
Or something has changed since then…

You mention ROUTE53 DNS hosting but the authoritative nameservers are seen as:
phimed.org nameserver = ns-cloud-e1.googledomains.com
phimed.org nameserver = ns-cloud-e4.googledomains.com
phimed.org nameserver = ns-cloud-e2.googledomains.com
phimed.org nameserver = ns-cloud-e3.googledomains.com

1 Like
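
Added example, not part of the original thread: a shell pre-flight check for the two points raised in the replies above, namely which nameservers are actually authoritative for the zone and whether the `_acme-challenge` TXT value is visible on every one of them before continuing in certbot. `DIG_CMD`, the function names, and `sample_dig` with its made-up token are assumptions of this example.

```shell
#!/usr/bin/env bash
# Pre-flight check before pressing Enter in `certbot --manual` (dns-01).
# DIG_CMD is an assumption of this example: the resolver command, default dig.
DIG_CMD=${DIG_CMD:-dig}

# Authoritative nameservers for zone $1, one per line, trailing dot removed.
auth_ns() {
    "$DIG_CMD" +short NS "$1" | sed 's/\.$//' | sort
}

# Succeeds if any authoritative nameserver of $1 matches pattern $2
# (for example 'awsdns' for Route 53): is the zone hosted where you edit it?
zone_hosted_at() {
    auth_ns "$1" | grep -q -- "$2"
}

# Succeeds only if every authoritative nameserver of $1 answers with TXT
# value $2 at _acme-challenge.$1; prints the servers where it is missing.
# Returns 2 when no NS records are found at all.
challenge_visible() {
    domain=$1; expected=$2; servers=$(auth_ns "$domain"); rc=0
    [ -n "$servers" ] || { echo "no NS records found for $domain"; return 2; }
    for ns in $servers; do
        "$DIG_CMD" +short TXT "_acme-challenge.$domain" "@$ns" |
            tr -d '"' | grep -qxF -- "$expected" ||
            { echo "TXT not visible on $ns"; rc=1; }
    done
    return $rc
}

# Constructed stand-in for dig so the check can be exercised offline:
# the nameserver names are the ones quoted in the thread, the token is
# made up, and only ns-cloud-e1 has received the record.
sample_dig() {
    case "$*" in
        "+short NS phimed.org")
            printf '%s\n' ns-cloud-e1.googledomains.com. ns-cloud-e2.googledomains.com. ;;
        *"@ns-cloud-e1.googledomains.com")
            echo '"constructed-token-value"' ;;
    esac
}
```

Against real DNS, leave `DIG_CMD` unset and pass the value certbot prints as the second argument to `challenge_visible`; set `DIG_CMD=sample_dig` to try it on the constructed data.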

Thanks for your reply. Is there any alternative way to verify the renewal without touching DNS, like uploading some verification files to the server?

Thanks,

Read

If you want to create a wildcard certificate, DNS validation is required.

1 Like

Thanks for your support! Yes, it's using Google DNS. Will try again.

Thanks again for your quick support.

1 Like
