The client lacks sufficient authorization :: No TXT record found at _acme-challenge.bigbluebutton.4cpubiz.com

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
domain name: bigbluebutton.4cpubiz.com
I ran this command:
./bbb-install.sh -v xenial-22 -s bigbluebutton.4cpubiz.com -l -x -e ruben@4cpubiz.com
It produced this output:
See error below
My web server is (include version):

The operating system my web server runs on is (include version):
using Ubuntu 16.04.7 LTS (GNU/Linux 4.15.0-1083-gcp x86_64)
DNS record is managed by yahoo small biz.

My hosting provider, if applicable, is:


I can login to a root shell on my machine (yes or no, or I don’t know):
YES
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

error:
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. bigbluebutton.4cpubiz.com (dns-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: No TXT record found at _acme-challenge.bigbluebutton.4cpubiz.com

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: bigbluebutton.4cpubiz.com
    Type: unauthorized
    Detail: No TXT record found at
    _acme-challenge.bigbluebutton.4cpubiz.com

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

Hi @cliep

Your setup can’t work; see your check: https://check-your-website.server-daten.de/?q=bigbluebutton.4cpubiz.com

You have a wildcard CNAME:

| Host | Type | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| bigbluebutton.4cpubiz.com | A | 35.238.96.1 Council Bluffs/Iowa/United States (US) - Google LLC, Hostname: 1.96.238.35.bc.googleusercontent.com | yes | 1 | 0 |
| | AAAA | | yes | | |
| www.bigbluebutton.4cpubiz.com | CNAME | sbsfe-p11r.geo.mf0.yahoodns.net | yes | 1 | 0 |
| | A | 67.195.197.25 New York/United States (US) - Oath Holdings Inc., Hostname: p11ats-rhel.geo.vip.bf1.yahoo.com | yes | | |
| *.4cpubiz.com | A | | yes | | |
| | AAAA | | yes | | |
| | CNAME | sbsfe-p11r.geo.mf0.yahoodns.net | yes | | |
| *.bigbluebutton.4cpubiz.com | A | | yes | | |
| | AAAA | | yes | | |
| | CNAME | sbsfe-p11r.geo.mf0.yahoodns.net | yes | | |

So the required _acme-challenge.bigbluebutton.4cpubiz.com is an alias of sbsfe-p11r.geo.mf0.yahoodns.net.

But I don’t think that the script ./bbb-install.sh is able to create the required TXT entry there.

Do you really need a wildcard with dns validation? Or is it possible to use http-validation?


Thank you for your response. In order to have the BigBlueButton video conference server to be seen, it must have an SSL certificate. I ran it on a DigitalOcean VM instance last year. The same installation as above and it worked out fine. Here is that URL: bigbluebutton.page1onweb.com and it worked out fine. It is also hosted on smallbiz.yahoo.com.

I am at a loss. Can’t figure it out.

Here is the information on that certificate:
This certificate has been verified for the following usages: SSL Server Certificate

Issued To
Common Name (CN):
Organization (O):
Organizational Unit (OU):

Issued By
Common Name (CN): Let’s Encrypt Authority X3
Organization (O): Let’s Encrypt
Organizational Unit (OU):

Validity Period

I have no idea what that script is doing.

And why that script tries to use dns validation instead of http validation.

Read

then check, if you can use http validation.

That

looks like this script doesn’t really work.


OK. Will read it and hopefully find a solution.

Thank you for your time.

If you don’t really need the DNS entry for the wildcard (as CNAME), you might get this to work after deleting that entry.
*.bigbluebutton.4cpubiz.com CNAME sbsfe-p11r.geo.mf0.yahoodns.net
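
Added example, not part of any post in this thread: a small Python model of RFC 4592 wildcard matching over a constructed zone built from the records in the check output above. It shows why a TXT query for `_acme-challenge.bigbluebutton.4cpubiz.com` is answered with the Yahoo alias, and that once the `*.bigbluebutton.4cpubiz.com` CNAME is deleted the parent wildcard `*.4cpubiz.com` does not take over, because `bigbluebutton.4cpubiz.com` itself exists. The dict layout, function names and the TXT token are assumptions for illustration.

```python
# Added illustration: RFC 4592 wildcard matching over a constructed zone.
# Record names and targets come from the check output quoted in the thread;
# the dict layout, function names and TXT token are assumptions.
ALIAS = "sbsfe-p11r.geo.mf0.yahoodns.net"
WILDCARD = "*.bigbluebutton.4cpubiz.com"
CHALLENGE = "_acme-challenge.bigbluebutton.4cpubiz.com"

ZONE = {
    "4cpubiz.com": {"SOA": "constructed"},
    "bigbluebutton.4cpubiz.com": {"A": "35.238.96.1"},
    "*.4cpubiz.com": {"CNAME": ALIAS},
    WILDCARD: {"CNAME": ALIAS},
}

def name_exists(zone, name):
    # A name exists if it owns records or is an ancestor of an owner name.
    return any(o == name or o.endswith("." + name) for o in zone)

def closest_encloser(zone, qname):
    # Longest existing ancestor of qname; only its "*" child can match.
    labels = qname.split(".")
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if name_exists(zone, candidate):
            return candidate
    return None

def lookup(zone, qname, qtype):
    """Answer as the authoritative server for this zone would."""
    if name_exists(zone, qname):
        rrsets = zone.get(qname, {})
    else:
        encloser = closest_encloser(zone, qname)
        rrsets = zone.get("*." + encloser) if encloser else None
        if rrsets is None:
            return ("NXDOMAIN", None)
    if qtype in rrsets:
        return ("ANSWER", rrsets[qtype])
    if "CNAME" in rrsets:
        return ("ALIAS", rrsets["CNAME"])  # resolver then asks the target
    return ("NODATA", None)

def without(zone, owner):
    return {k: v for k, v in zone.items() if k != owner}

if __name__ == "__main__":
    print("as published:    ", lookup(ZONE, CHALLENGE, "TXT"))
    trimmed = without(ZONE, WILDCARD)
    print("wildcard deleted:", lookup(trimmed, CHALLENGE, "TXT"))
    trimmed[CHALLENGE] = {"TXT": "constructed-token"}
    print("TXT published:   ", lookup(trimmed, CHALLENGE, "TXT"))
```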
