Two DNS records asked?


About wildcards:
Today I succeeded in putting a certificate on *.mydomain.tld using the manual DNS check.

Doing so, I figured out that mydomain.tld wasn't certified (all subdomains were).

So I tried to expand the certificate to mydomain.tld too, still using the manual DNS check.

The problem is that the "checking process" asks me to add two TXT DNS entries, I guess one for *.mydomain.tld and one for mydomain.tld.
I added both entries, but of course the checking process fails because it detects a wrong entry…

How should I do that in a proper way?

Thanks a lot for your concern

No, it sounds like you did the right thing.

If you added records "ABC" and "XYZ" and one of the validations failed saying "looked for record 'ABC', found record 'XYZ'" or whatever, that means only one of them existed. If both existed, it would have worked.

Are you sure you added both records? Are you sure the authoritative DNS servers were serving both records? Maybe it was necessary to wait a few minutes longer?


Thanks for the reply and sorry for the delay.

Yes, I'm sure I added both records. I'm going to try again with a few more minutes between adding the TXT records and the check, but I'm pretty sure it will fail again…

Just to be sure, with two records, we write them like this:
_acme-challenge.mydomain.tld. IN TXT "CHAIN_ONE"
_acme-challenge.mydomain.tld. IN TXT "CHAIN_TWO"

Thanks again, and I'll keep you posted.

Well, as expected, I tried again after ~30 min and got the same error:
Failed authorization procedure. mydomain.tld (dns-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect TXT record "LuRzTwxtxL1S4jH-nkUCHxTnU0D3FrVjOj0cuZCPJwY" found at _acme-challenge.mydomain.tld

This record is the first one the checking test asks me to put.

As another way to solve it, is it possible to add more than one SSLCertificateFile to an Apache VirtualHost? It could do the trick (I would just have to create two certificates), but I suspect it's not possible…

Then the second DNS record didn't exist. Either you didn't add it, or the DNS servers hadn't updated yet.

What's the name of the site? Did you check the DNS records yourself with dig or something?

No, but you can have multiple virtual hosts.
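The dig check suggested above, written out as an added example (this is not code from the thread, from Certbot or from Let's Encrypt). A certificate that covers both mydomain.tld and *.mydomain.tld validates both names at the single owner name _acme-challenge.mydomain.tld, so that name must serve two TXT records at once, and the value the CA looks for is base64url(SHA-256(token "." account-key-thumbprint)) per RFC 8555 §8.4. The script computes those expected values, parses `dig ... +noall +answer TXT` output, and reports which expected values the server is not serving. The tokens, thumbprint, and dig output below are constructed for the example; the authoritative-server query helper shells out to `dig` and is only used when run as a script.

```python
"""Verify that every TXT value an ACME dns-01 validation expects is served.

Added example; tokens, thumbprint and the sample dig output are made up.
"""
import base64
import hashlib
import re
import subprocess


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as ACME uses throughout (RFC 8555 §2)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def expected_txt_value(token: str, account_thumbprint: str) -> str:
    """TXT value the CA checks: base64url(SHA-256(token "." thumbprint)) (RFC 8555 §8.4).

    token comes from the challenge object; account_thumbprint is the
    base64url JWK thumbprint of the ACME account key (RFC 7638).
    """
    key_authorization = f"{token}.{account_thumbprint}".encode("ascii")
    return b64url(hashlib.sha256(key_authorization).digest())


# One answer line of `dig TXT` output, e.g.
#   _acme-challenge.mydomain.tld. 300 IN TXT "LuRz...JwY"
_ANSWER = re.compile(r"^(\S+)\s+\d+\s+IN\s+TXT\s+(.*)$")
# Each quoted <character-string> in the rdata (handles escaped quotes).
_QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')


def parse_dig_txt(dig_output: str) -> dict:
    """Map each owner name (lower-cased, trailing dot kept) to its set of TXT values."""
    records = {}
    for line in dig_output.splitlines():
        m = _ANSWER.match(line.strip())
        if not m:
            continue  # ';;' headers, comments and blank lines
        owner = m.group(1).lower()
        # rdata may be split into several quoted strings; the value is their concatenation
        value = "".join(_QUOTED.findall(m.group(2)))
        records.setdefault(owner, set()).add(value)
    return records


def missing_challenge_values(domain: str, expected_values, dig_output: str) -> list:
    """Expected TXT values that _acme-challenge.<domain> does NOT currently serve."""
    owner = "_acme-challenge." + domain.lower().rstrip(".") + "."
    served = parse_dig_txt(dig_output).get(owner, set())
    return sorted(set(expected_values) - served)


def dig_authoritative_txt(domain: str, nameserver: str) -> str:
    """Query one authoritative server directly, bypassing resolver caches (needs dig on PATH)."""
    cmd = ["dig", "@" + nameserver, "+noall", "+answer", "TXT", "_acme-challenge." + domain]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


# Constructed sample: two challenges (apex and wildcard) under one account key.
THUMBPRINT = "hypothetical-account-key-thumbprint"
VALUE_APEX = expected_txt_value("tokenForApexAbc123", THUMBPRINT)
VALUE_WILDCARD = expected_txt_value("tokenForWildcardXyz789", THUMBPRINT)

# Constructed dig output in which only the first record made it into the zone,
# the situation described in the thread.
SAMPLE_DIG_ONE_RECORD = (
    ";; ANSWER SECTION:\n"
    f'_acme-challenge.mydomain.tld.\t300\tIN\tTXT\t"{VALUE_APEX}"\n'
)
SAMPLE_DIG_BOTH_RECORDS = (
    SAMPLE_DIG_ONE_RECORD
    + f'_ACME-challenge.mydomain.tld.\t300\tIN\tTXT\t"{VALUE_WILDCARD}"\n'
)

if __name__ == "__main__":
    import sys
    # usage: python check_acme_txt.py mydomain.tld ns1.example.net VALUE1 VALUE2
    domain, ns, *expected = sys.argv[1:]
    gone = missing_challenge_values(domain, expected, dig_authoritative_txt(domain, ns))
    print("all expected TXT values served" if not gone else f"missing: {gone}")
```

Run it against each authoritative server (`dig +short NS mydomain.tld` lists them) rather than against your local resolver: a resolver cache can hide a freshly added record, and a server that has not reloaded the zone will keep answering with the old rrset, which is exactly what the thread's `dig` showed.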

I don't understand how it can not exist; it is in my file, and checkconf is not reporting any errors…

I tried dig -t txt _acme-challenge.mydomain.tld, and I actually only got the first record as the answer… I don't get it. :o

I finally succeeded!! I had to force the DNS refresh (BIND restart and all that) to finally get it…

Thanks a lot for your time, mnordhoff, and for your patience. May the Force be with you :smile:
