Trying to create a wildcard certificate for *.bixledger.com

I successfully created the SSL certificate for the domain bixledger.com a month ago on one server. Now I am trying to create a wildcard certificate for the domain *.bixledger.com, but on another server. After a few unsuccessful tries, I decided to ask you for help.

Thank you very much in advance.

My domain is: bixledger.com

I ran this command: certbot certonly --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory --manual-public-ip-logging-ok -d *.bixledger.com

It produced this output:

Saving debug log to C:\Certbot\log\letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for bixledger.com


Please deploy a DNS TXT record under the name
_acme-challenge.bixledger.com with the following value:
Z0Jt2AfXz1WIIh2dJd3jcw2GL1WCHCINgDqhY11xx0o
Before continuing, verify the record is deployed.


Press Enter to Continue
Waiting for verification...
Challenge failed for domain bixledger.com
dns-01 challenge for bixledger.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:
Domain: bixledger.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for
_acme-challenge.bixledger.com - check that a DNS record exists for this domain

My web server is (include version): node.js (6.14.4)

The operating system my web server runs on is (include version): Windows Server 2016

My hosting provider, if applicable, is: GoDaddy

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.5.0

2 Likes

Welcome to the Let's Encrypt Community, Slobodan :slightly_smiling_face:

You need to create a TXT record in your DNS with host/name of _acme-challenge.bixledger.com. and the value specified by certbot (Z0Jt2AfXz1WIIh2dJd3jcw2GL1WCHCINgDqhY11xx0o).

After you create the TXT record, use the following tool to check that _acme-challenge.bixledger.com was created and propagated successfully. Look under ;ANSWER for the result.


See JuergenAuer's analysis below to understand what you did wrong.

1 Like

Hi @skosanovic

you have created the wrong entry - see your check, some days old - https://check-your-website.server-daten.de/?q=bixledger.com#txt

| Domainname | TXT Entry | Status | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|
| bixledger.com | | ok | 1 | 0 |
| _acme-challenge.bixledger.com | | Name Error - The domain name does not exist | 1 | 0 |
| _acme-challenge.bixledger.com.bixledger.com | 3aWwG1jCxtkz9giAQ8_gZ_-YbVdFukWTitJxT77CZnc | perhaps wrong | 1 | 0 |
| _acme-challenge.bixledger.com.bixledger.com | 4LzTSmUQrc4ZlcmAqSs000QiVt8JGxXLqWUBLojs_80 | perhaps wrong | 1 | 0 |
| _acme-challenge.bixledger.com.bixledger.com | QK7vlP2I3JaDdik0fmdeF-osQxk27XBJ6ouEzEDqS4w | perhaps wrong | 1 | 0 |

Your menu adds your domain name, so your domain name is duplicated.

Use _acme-challenge as domain name.

2 Likes

@JuergenAuer

This issue with appending the domain name to the host/name seems to be quite prevalent in many DNS managers. I wonder if appending a period would keep the host/name from being relative and thus prevent the issue.

_acme-challenge.bixledger.com ->
_acme-challenge.bixledger.com.

2 Likes

You think one small period will stop the Big Go Daddy Monster!
hahahaha!

You would think that a simple check would catch the duplicate within the DNS manager.
"Are you sure you want to add xyz.YOUR-DOMAIN.YOUR-DOMAIN ?"

What's funny is that I wrote that and then went to see if they used GoDaddy or not.
[you guessed it]

2 Likes
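
The duplicate check wished for in the post above, together with the relative-name expansion behind the doubled record and the trailing-period idea raised earlier, as an added example that is not part of the original thread or of any DNS provider's code. The function names and the `honors_trailing_dot` switch are assumptions for illustration; the thread does not establish whether a given DNS manager honors a trailing period, so both cases are modeled.

```python
# Added example (not from the thread): expansion of a zone-relative "host"
# field and a check for the doubled-zone mistake diagnosed above.

def expand_host(host: str, zone: str, honors_trailing_dot: bool = True) -> str:
    """FQDN a DNS manager would publish for a host-field entry.

    Assumption: the field is relative to the zone, so the zone is appended
    unless the entry ends in '.' and the manager honors that (zone-file rule).
    """
    zone = zone.rstrip(".").lower()
    host = host.strip().lower()
    if host in ("", "@"):                      # zone apex
        return zone + "."
    if host.endswith(".") and honors_trailing_dot:
        return host                            # already absolute
    return f"{host.rstrip('.')}.{zone}."


def host_field_for(fqdn: str, zone: str) -> str:
    """Relative label to enter so that it expands to fqdn."""
    fqdn, zone = fqdn.rstrip(".").lower(), zone.rstrip(".").lower()
    if fqdn == zone:
        return "@"
    if not fqdn.endswith("." + zone):
        raise ValueError(f"{fqdn} is not inside zone {zone}")
    return fqdn[: -(len(zone) + 1)]


def check_entry(host: str, zone: str, wanted: str,
                honors_trailing_dot: bool = True) -> str:
    """Compare the name that would be published with the name the CA queries."""
    zone = zone.rstrip(".").lower()
    wanted = wanted.rstrip(".").lower()
    published = expand_host(host, zone, honors_trailing_dot)
    if published == wanted + ".":
        return "ok"
    if published == f"{wanted}.{zone}.":
        return f"zone appended twice: enter '{host_field_for(wanted, zone)}'"
    return f"mismatch: would publish {published}"


if __name__ == "__main__":
    zone, wanted = "bixledger.com", "_acme-challenge.bixledger.com"
    for entry in ("_acme-challenge.bixledger.com", "_acme-challenge",
                  "_acme-challenge.bixledger.com."):
        print(f"{entry!r:34} -> {check_entry(entry, zone, wanted)}")
```
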

Hi, Jurgen,

Thank you so much for your quick answer. This was the problem and you've found the solution.

Greetings,

Slobodan

4 Likes