My domain is: testletsencrypt.com
I ran this command:
certbot certonly --csr test2.testletsencrypt.com.csr --dns-nsone --dns-nsone-credentials creds.txt
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator dns-nsone, Installer None Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org Performing the following challenges: dns-01 challenge for test2.testletsencrypt.com Starting new HTTPS connection (1): api.nsone.net Cleaning up challenges Starting new HTTPS connection (1): api.nsone.net Error determining zone identifier: 404 Client Error: Not Found.
My web server is (include version): N/A
The operating system my web server runs on is (include version): CentOS Linux release 7.6.1810 (Core)
My hosting provider, if applicable, is: N/A
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you’re using Certbot): 0.34.2
When I dug into the 404, it is unable to get to /v1/zones/test2.testletsencrypt.com. When I try in my browser, I see that is indeed a 404, but /v1/zones/testletsencrypt.com is a 200.
I am attempting to get a cert for test2.testletsencrypt.com (that’s the CN in the CSR). When I try adding -d testletsencrypt.com, it complains that the domain does not match the CN. However, ns1 does not consider test2.teestletsencrypt.com to be a zone. Is there a way with certbot to say “Use this zone for authentication but my cert is some subdomain of that zone?”