Trying to create a wildcard certificate for *.bixledger.com

I've successfully created the SSL certificate for the domain bixledger.com a month ago at one server. Now I am trying to create the wildcard certificate for the domain *.bixledger.com, but at another server. After a few unsuccessful tries, I decided to ask for help from you.

Thank you very much in advance.

My domain is: bixledger.com

I ran this command: certbot certonly --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory --manual-public-ip-logging-ok -d *.bixledger.com

It produced this output:

Saving debug log to C:\Certbot\log\letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for bixledger.com

Please deploy a DNS TXT record under the name
_acme-challenge.bixledger.com with the following value:
Z0Jt2AfXz1WIIh2dJd3jcw2GL1WCHCINgDqhY11xx0o
Before continuing, verify the record is deployed.

Press Enter to Continue
Waiting for verification...
[31mChallenge failed for domain bixledger.com[0m
dns-01 challenge for bixledger.com
Cleaning up challenges
[31mSome challenges have failed.[0m
[1m
IMPORTANT NOTES:
[0m - The following errors were reported by the server:
Domain: bixledger.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for
_acme-challenge.bixledger.com - check that a DNS record exists for this domain
My web server is (include version): node.js (6.14.4)

The operating system my web server runs on is (include version): Windows Server 2016

My hosting provider, if applicable, is: GoDaddy

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.5.0

Welcome to the Let's Encrypt Community, Slobodan

You need to create a TXT record in your DNS with host/name of _acme-challenge.bixledger.com. and the value specified by certbot (Z0Jt2AfXz1WIIh2dJd3jcw2GL1WCHCINgDqhY11xx0o).

After you create the TXT record, use the following tool to check that _acme-challenge.bixledger.com was created and propagated successfully. Look under ;ANSWER for the result.

See JuergenAuer's analysis below to understand what you did wrong.

Hi @skosanovic

you have created the wrong entry - see your check, some days old - https://check-your-website.server-daten.de/?q=bixledger.com#txt

Your menu adds your domain name, so your domain name is duplicated.

Use _acme-challenge as domain name.

@JuergenAuer

This issue with appending the domain name to the host/name seems to be quite prevalent in many DNS managers. I wonder if appending a period would keep the host/name from being relative and thus prevent the issue.

_acme-challenge.bixledger.com ->
_acme-challenge.bixledger.com.

You think one small period will stop the Big Go Daddy Monster!
hahahaha!

You would think that a simple check would catch the duplicate within the DNS manager.
"Are you sure you want to add xyz.YOUR-DOMAIN.YOUR-DOMAIN ?"

What's funny is that I wrote that and then went to see if they used GoDaddy or not.
[you guessed it]

Hi, Jurgen,

Thank you so much for your quick answer. This was the problem and you've found the solution.

Greetings,

Slobodan

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.