TXT record not found


TXT record is not found, but it seems I have saved it correctly to DNS. I waited more than hour. I already have certificates running fine for months, but I am checking the wildcard option now.
Thank you for any help.

My domain is:

I ran this command:
certbot -i apache -d “*.nethar.com” --server https://acme-v02.api.letsencrypt.org/directory --preferred-challenges=dns --manual

It produced this output:
Domain: nethar.com
Type: unauthorized
Detail: No TXT record found at _acme-challenge.nethar.com

dig -t txt nethar.com
nethar.com. 900 IN TXT “_acme-challenge.nethar.com=h9T817OL9MGumsefMcJj-rugRndfGgftVfCL-zkjGSw”


It’s not quite correct. :sweat:

I don’t know exactly what your DNS interfaces looks like, but you created the record with a name like ‘@’ or ‘nethar.com.’ and the value ‘"_acme-challenge.nethar.com=h9T817OL9MGumsefMcJj-rugRndfGgftVfCL-zkjGSw"’.

You needed to create a record with a name like ‘_acme-challenge’ or ‘_acme-challenge.nethar.com.’ and the value ‘"h9T817OL9MGumsefMcJj-rugRndfGgftVfCL-zkjGSw"’.

When you try again, the TXT record will have a different value.

If you run into more trouble, can you post a screenshot of your DNS control panel?

Also, if you issue the certificate manually like this, you will also have to renew it manually at least every 90 days. It might be worth switching to a DNS service you can automate, or not using a wildcard certificate.

Also also, ‘*.nethar.com’ does not cover ‘https://nethar.com/’ with no subdomains. If you want that, you need to run Certbot with ’-d nethar.com -d "*.nethar.com" (and set two TXT records).


Thank you very much for your answers.

  1. splitting it into name and value - will do. I tried before and no lookup services retrieved it. So I thought this is the right format (standard RFC 1464 structured format). I will check with my provider why it is not distributed when splitted, maybe some error on their side. Right now you are correct I am using @

  2. Renewing - yes, I am in the beginning of the testing, could be I change to something else, thanks for hinting it.

  3. *.nethar.com - I actually want subdomains only, that’s fine.


Are you checking it with “dig txt _acme-challenge.nethar.com”?


As @mnordhoff pointed out, the TXT record is not added to the base domain (as you’ve shown in your digging); It is on its’ own subdomain "_acme-challenge."yourdomain.tld: