The client lacks sufficient authorization :: No TXT record found at _acme-challenge.bigbluebutton.4cpubiz.com

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
domain name: bigbluebutton.4cpubiz.com
I ran this command:
./bbb-install.sh -v xenial-22 -s bigbluebutton.4cpubiz.com -l -x -e ruben@4cpubiz.com
It produced this output:
See error below
My web server is (include version):

The operating system my web server runs on is (include version):
using Ubuntu 16.04.7 LTS (GNU/Linux 4.15.0-1083-gcp x86_64)
DNS record is managed by yahoo small biz.

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
YES
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

error:
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. bigbluebutton.4cpubiz.com (dns-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: No TXT record found at _acme-challenge.bigbluebutton.4cpubiz.com

IMPORTANT NOTES:

• The following errors were reported by the server:

  Domain: bigbluebutton.4cpubiz.com
  Type: unauthorized
  Detail: No TXT record found at
  _acme-challenge.bigbluebutton.4cpubiz.com

  To fix these errors, please make sure that your domain name was
  entered correctly and the DNS A/AAAA record(s) for that domain
  contain(s) the right IP address.

• cp /tmp/bigbluebutton.bak /etc/nginx/sites-available/bigbluebutton
  cp: cannot stat ‘/tmp/bigbluebutton.bak’: No such file or directory
• systemctl restart nginx
• err ‘Let’’‘s Encrypt SSL request for bigbluebutton.4cpubiz.com did not succeed - exiting’
• say ‘Let’’‘s Encrypt SSL request for bigbluebutton.4cpubiz.com did not succeed - exiting’
• echo ‘bbb-install: Let’’‘s Encrypt SSL request for bigbluebutton.4cpubiz.com did not succeed - exiting’
  bbb-install: Let’s Encrypt SSL request for bigbluebutton.4cpubiz.com did not succeed - exiting
• exit 1
  My domain is:
  bigbluebutton.4cpubiz.com

Hi @cliep

your setup can't work, see your check https://check-your-website.server-daten.de/?q=bigbluebutton.4cpubiz.com

You have a wildcard CNAME:

So the required _acme-challenge.bigbluebutton.4cpubiz.com is an alias of sbsfe-p11r.geo.mf0.yahoodns.net.

But I don't think that script ./bbb-install.sh is able to create there the required TXT entry.

Do you really need a wildcard with dns validation? Or is it possible to use http-validation?

Thank you for your response. In order to have the Bigbluebutton video conference server to be seen, it must have an SSL certificate. I ran it on a digital ocean VM instance last year. The same installation as above and it worked out fine. here is that URL: bigbluebutton.page1onweb.com and it worked out fine. It is also hosted on smallbiz.yahoo.com.

I am at a loss. Can’t figure it out.

here is the information on that certificate;
GeneralDetails

This certificate has been verified for the following usages:

SSL Server Certificate

Issued To

Common Name (CN)

Organization (O)

Organizational Unit (OU)

Issued By

Common Name (CN)

Let’s Encrypt Authority X3

Organization (O)

Let’s Encrypt

Organizational Unit (OU)

Validity Period

I have no idea what that script is doing.

And why that script tries to use dns validation instead of http validation.

Read

then check, if you can use http validation.

That

looks that this script doesn't really work.

OK. will read it and hopefully find a solution.

Thank you for your time.

If you don’t really need the DNS entry for the wildcard (as CNAME), you might get this to work after deleting that entry.
*.bigbluebutton.4cpubiz.com CNAME sbsfe-p11r.geo.mf0.yahoodns.net

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.